CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5622 – Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL
https://notcve.org/view.php?id=CVE-2024-5622
29 Aug 2024 — .-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43700 – Ubuntu Security Notice USN-7192-1
https://notcve.org/view.php?id=CVE-2024-43700
29 Aug 2024 — When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment. ... If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash or execute arbitrary code. • https://github.com/PhilipHazel/xfpt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41369
https://notcve.org/view.php?id=CVE-2024-41369
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41361
https://notcve.org/view.php?id=CVE-2024-41361
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2398 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-44777 – vTiger CRM 7.4.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-44777
29 Aug 2024 — A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. vTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities. • https://packetstorm.news/files/id/180462 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8016 – The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-8016
29 Aug 2024 — The additional presence of a POP chain allows attackers to execute code remotely. • https://theeventscalendar.com/blog/news/important-security-update-for-the-events-calendar-pro • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8255 – Path Traversal in Ocean Data Systems Dream Report
https://notcve.org/view.php?id=CVE-2024-8255
29 Aug 2024 — Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. ... An attacker can leverage this vulnerability to execute code in the context of an administrator. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-242-02 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41364
https://notcve.org/view.php?id=CVE-2024-41364
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2400 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41367
https://notcve.org/view.php?id=CVE-2024-41367
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2397 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41368
https://notcve.org/view.php?id=CVE-2024-41368
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2396 • CWE-94: Improper Control of Generation of Code ('Code Injection') •