CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-2315 – SMM arbitrary code execution in Overclock
https://notcve.org/view.php?id=CVE-2024-2315
12 Nov 2024 — APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf • CWE-284: Improper Access Control •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33658 – Buffer Overflow Vulnerability In OFBD
https://notcve.org/view.php?id=CVE-2024-33658
12 Nov 2024 — Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-11130 – ZZCMS msg.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11130
12 Nov 2024 — A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. • https://github.com/En0t5/vul/blob/main/zzcms-msg-xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37365 – FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path
https://notcve.org/view.php?id=CVE-2024-37365
12 Nov 2024 — A remote code execution vulnerability exists in the affected product. A remote code execution vulnerability exists in the affected product. ... Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute a... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10828 – Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details
https://notcve.org/view.php?id=CVE-2024-10828
12 Nov 2024 — The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/PHPExcel/Shared/XMLWriter.php#L83 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10629 – GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-10629
12 Nov 2024 — The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. This makes it possible for authenticated attackers, with subscribe... • https://github.com/RandomRobbieBF/CVE-2024-10629 • CWE-862: Missing Authorization •
CVSS: 8.6EPSS: 0%CPEs: 12EXPL: 0CVE-2024-50557
https://notcve.org/view.php?id=CVE-2024-50557
12 Nov 2024 — This could allow an unauthenticated remote attacker to execute arbitrary code on the device. • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47942
https://notcve.org/view.php?id=CVE-2024-47942
12 Nov 2024 — The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. • https://cert-portal.siemens.com/productcert/html/ssa-351178.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46890
https://notcve.org/view.php?id=CVE-2024-46890
12 Nov 2024 — This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS. • https://cert-portal.siemens.com/productcert/html/ssa-915275.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46888
https://notcve.org/view.php?id=CVE-2024-46888
12 Nov 2024 — This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device. • https://cert-portal.siemens.com/productcert/html/ssa-915275.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •