CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8360 – Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8360
30 Aug 2024 — Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... A crafted software update file can trigger execution of a ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1192 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-45490 – libexpat: Negative Length Parsing Vulnerability in libexpat
https://notcve.org/view.php?id=CVE-2024-45490
30 Aug 2024 — An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. ... An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. • https://github.com/libexpat/libexpat/issues/887 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2024-45491 – libexpat: Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2024-45491
30 Aug 2024 — An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. ... An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. • https://github.com/libexpat/libexpat/issues/888 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8252 – Clean Login <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-8252
29 Aug 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/browser/clean-login/tags/1.14.5/include/frontend.php#L20 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43804 – OS Command Injection via Port Scan Functionality in Roxy-WI
https://notcve.org/view.php?id=CVE-2024-43804
29 Aug 2024 — An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. • https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-qc52-vwwj-5585 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5623 – Untrusted search path vulnerability in B&R APROL
https://notcve.org/view.php?id=CVE-2024-5623
29 Aug 2024 — An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5622 – Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL
https://notcve.org/view.php?id=CVE-2024-5622
29 Aug 2024 — .-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43700 – Ubuntu Security Notice USN-7192-1
https://notcve.org/view.php?id=CVE-2024-43700
29 Aug 2024 — When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment. ... If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash or execute arbitrary code. • https://github.com/PhilipHazel/xfpt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41369
https://notcve.org/view.php?id=CVE-2024-41369
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41361
https://notcve.org/view.php?id=CVE-2024-41361
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2398 • CWE-94: Improper Control of Generation of Code ('Code Injection') •