CVSS: 6.7EPSS: 0%CPEs: 54EXPL: 0CVE-2024-20411 – Cisco NX-OS Bash Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20411
28 Aug 2024 — A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. ... A successful exploit could allow the attacker to execute arbitrary code with the privileges of root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26323 – Xiaomi App Market has a code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26323
28 Aug 2024 — A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. • https://trust.mi.com/misrc/bulletins/advisory?cveId=543 •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38120 – Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-38120
28 Aug 2024 — A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authenticat... • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7856 – MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-7856
28 Aug 2024 — This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted. • https://github.com/l8BL/CVE-2024-7856 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43984 – WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-43984
28 Aug 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13. ... This makes it possible for unauthenticated attackers to modify templates and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-13-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7720 – HP Security Manager - Potential Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-7720
27 Aug 2024 — HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. • https://support.hp.com/us-en/document/ish_11074404-11074432-16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39996
https://notcve.org/view.php?id=CVE-2022-39996
27 Aug 2024 — Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page. • https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42851
https://notcve.org/view.php?id=CVE-2024-42851
27 Aug 2024 — Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function. • https://github.com/T1anyang/fuzzing/blob/main/exiftags/crash.md • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41622
https://notcve.org/view.php?id=CVE-2024-41622
27 Aug 2024 — D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44340
https://notcve.org/view.php?id=CVE-2024-44340
27 Aug 2024 — D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •