CVE-2024-33616 – Sharp Multi-Function Printer 18 Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-33616
308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more. •
CVE-2024-34162 – Sharp Multi-Function Printer 18 Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-34162
308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more. •
CVE-2024-3904
https://notcve.org/view.php?id=CVE-2024-3904
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. • https://jvn.jp/vu/JVNVU91215350/index.html https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf • CWE-276: Incorrect Default Permissions •
CVE-2024-37418 – WordPress Church Admin plugin <= 4.4.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-37418
This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-4-6-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-39930
https://notcve.org/view.php?id=CVE-2024-39930
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. • https://github.com/gogs/gogs/releases https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1 https://www.vicarius.io/vsociety/posts/argument-injection-in-gogs-ssh-server-cve-2024-39930 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •