
CVE-2024-46960
https://notcve.org/view.php?id=CVE-2024-46960
07 Nov 2024 — The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. • https://github.com/actuator/com.rocks.video.downloader/blob/main/CVE-2024-46960 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-46961
https://notcve.org/view.php?id=CVE-2024-46961
07 Nov 2024 — The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component. • https://github.com/actuator/com.downloader.privatebrowser/blob/main/CVE-2024-46961 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-51757 – Fixes security vulnerability that allowed for server side code to be executed by a <script> tag
https://notcve.org/view.php?id=CVE-2024-51757
06 Nov 2024 — Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. • https://github.com/capricorn86/happy-dom/commit/5ee0b1676d4ce20cc2a70d1c9c8d6f1e3f57efac • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-20528 – Cisco Identity Services Engine Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-20528
06 Nov 2024 — A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. ... A successful exploit could allow the attacker to upload custom files to arbitrary locations on the underlying operating system, execute arbitrary code, and elevate privileges to root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-10827 – Debian Security Advisory 5810-1
https://notcve.org/view.php?id=CVE-2024-10827
06 Nov 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2024-10826 – Debian Security Advisory 5810-1
https://notcve.org/view.php?id=CVE-2024-10826
06 Nov 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2024-47463 – Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-47463
05 Nov 2024 — An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •

CVE-2024-47462 – Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-47462
05 Nov 2024 — An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •

CVE-2024-47461 – Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10
https://notcve.org/view.php?id=CVE-2024-47461
05 Nov 2024 — A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-47460 – Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-47460
05 Nov 2024 — Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •