CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33368
https://notcve.org/view.php?id=CVE-2024-33368
27 Sep 2024 — An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen • https://gist.github.com/apple502j/54e0f80bfe082fd934e33970394adbb8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46257
https://notcve.org/view.php?id=CVE-2024-46257
27 Sep 2024 — A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. • https://github.com/NginxProxyManager/nginx-proxy-manager/blob/v2.11.3/backend/internal/certificate.js#L870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2024-47175 – libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
https://notcve.org/view.php?id=CVE-2024-47175
26 Sep 2024 — When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. ... This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially inser... • https://packetstorm.news/files/id/182767 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 2CVE-2024-47076 – libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server
https://notcve.org/view.php?id=CVE-2024-47076
26 Sep 2024 — CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. ... In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. ... In combination with issues in other printing components, a remote attacker... • https://packetstorm.news/files/id/182767 • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 15CVE-2024-47176 – cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
https://notcve.org/view.php?id=CVE-2024-47176
26 Sep 2024 — This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. ... Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled. ... When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can <... • https://packetstorm.news/files/id/181978 • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function CWE-940: Improper Verification of Source of a Communication Channel CWE-1327: Binding to an Unrestricted IP Address •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47180 – Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges
https://notcve.org/view.php?id=CVE-2024-47180
26 Sep 2024 — Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. • https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47169 – Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
https://notcve.org/view.php?id=CVE-2024-47169
26 Sep 2024 — Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-ho... • https://github.com/agnaistic/agnai/security/advisories/GHSA-mpch-89gm-hm83 • CWE-35: Path Traversal: '.../...//' CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49038
https://notcve.org/view.php?id=CVE-2022-49038
26 Sep 2024 — Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9250 – Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9250
26 Sep 2024 — Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attac... • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9252 – Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9252
26 Sep 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. An attacker can leverage this in conjunction with other vulnerabilities to execute