CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8194 – Debian Security Advisory 5761-1
https://notcve.org/view.php?id=CVE-2024-8194
28 Aug 2024 — Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8193 – Debian Security Advisory 5761-1
https://notcve.org/view.php?id=CVE-2024-8193
28 Aug 2024 — Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.7EPSS: 0%CPEs: 222EXPL: 0CVE-2024-20478 – Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20478
28 Aug 2024 — A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. ... A successful exploit could allow the attacker to execute arbitrary code on the affected system and el... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU • CWE-250: Execution with Unnecessary Privileges •
CVSS: 6.7EPSS: 0%CPEs: 54EXPL: 0CVE-2024-20411 – Cisco NX-OS Bash Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20411
28 Aug 2024 — A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. ... A successful exploit could allow the attacker to execute arbitrary code with the privileges of root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26323 – Xiaomi App Market has a code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26323
28 Aug 2024 — A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. • https://trust.mi.com/misrc/bulletins/advisory?cveId=543 •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38120 – Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-38120
28 Aug 2024 — A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authenticat... • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7856 – MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-7856
28 Aug 2024 — This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted. • https://github.com/l8BL/CVE-2024-7856 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43984 – WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-43984
28 Aug 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13. ... This makes it possible for unauthenticated attackers to modify templates and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-13-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7720 – HP Security Manager - Potential Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-7720
27 Aug 2024 — HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. • https://support.hp.com/us-en/document/ish_11074404-11074432-16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39996
https://notcve.org/view.php?id=CVE-2022-39996
27 Aug 2024 — Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page. • https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •