CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9723 – Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9723
12 Nov 2024 — Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1480 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9726 – Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9726
12 Nov 2024 — Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the curr... • https://www.zerodayinitiative.com/advisories/ZDI-24-1475 • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28729
https://notcve.org/view.php?id=CVE-2024-28729
12 Nov 2024 — An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. • https://github.com/Mrnmap/mrnmap-cve • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11079 – Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
https://notcve.org/view.php?id=CVE-2024-11079
11 Nov 2024 — This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. An update is now available for Red Hat Ansible Automation Platform Execution Environments. • https://access.redhat.com/security/cve/CVE-2024-11079 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11078 – code-projects Job Recruitment register.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11078
11 Nov 2024 — A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. ... A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. ... In code-projects Job Recruitment 1.0 wurde eine Schwachstelle gefunden. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51748 – Remote code execution through language setting in kanboard
https://notcve.org/view.php?id=CVE-2024-51748
11 Nov 2024 — An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. ... Once the attacker has placed its file with the actual php code as the payload, the attacker can craft a sqlite db settings, which uses path traversal to point to the directory, where the `translations.php` file is stored. Then gaining code execution after importing the crafted sqlite.db. • https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-11070 – Sanluan PublicCMS Tag Type save cross site scripting
https://notcve.org/view.php?id=CVE-2024-11070
11 Nov 2024 — A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/sanluan/PublicCMS/issues/IB1Q5J • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2024-50263 – fork: only invoke khugepaged, ksm hooks if no error
https://notcve.org/view.php?id=CVE-2024-50263
11 Nov 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://packetstorm.news/files/id/183019 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11018 – Grand Vice info Webopac - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11018
11 Nov 2024 — Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11017 – Grand Vice info Webopac - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11017
11 Nov 2024 — Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8212-a7d3a-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •