CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8359 – Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8359
30 Aug 2024 — Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to execute cod... • https://www.zerodayinitiative.com/advisories/ZDI-24-1191 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8358 – Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8358
30 Aug 2024 — Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to execute code... • https://www.zerodayinitiative.com/advisories/ZDI-24-1190 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8356 – Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8356
30 Aug 2024 — Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges execute
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8357 – Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8357
30 Aug 2024 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1189 • CWE-1326: Missing Immutable Root of Trust in Hardware •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8360 – Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8360
30 Aug 2024 — Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to execute ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1192 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-45490 – libexpat: Negative Length Parsing Vulnerability in libexpat
https://notcve.org/view.php?id=CVE-2024-45490
30 Aug 2024 — An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. ... An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. • https://github.com/libexpat/libexpat/issues/887 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2024-45491 – libexpat: Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2024-45491
30 Aug 2024 — An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. ... An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. • https://github.com/libexpat/libexpat/issues/888 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8252 – Clean Login <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-8252
29 Aug 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/browser/clean-login/tags/1.14.5/include/frontend.php#L20 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43804 – OS Command Injection via Port Scan Functionality in Roxy-WI
https://notcve.org/view.php?id=CVE-2024-43804
29 Aug 2024 — An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. • https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-qc52-vwwj-5585 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5623 – Untrusted search path vulnerability in B&R APROL
https://notcve.org/view.php?id=CVE-2024-5623
29 Aug 2024 — An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges CWE-267: Privilege Defined With Unsafe Actions •