
CVE-2024-49522 – Substance3D - Painter | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-49522
05 Nov 2024 — Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_painter/apsb24-52.html • CWE-787: Out-of-bounds Write •

CVE-2024-9579 – Certain Poly Video Conference Devices – Potential Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9579
05 Nov 2024 — A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. • https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-7059
https://notcve.org/view.php?id=CVE-2024-7059
05 Nov 2024 — A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line. • https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVE-2024-47255
https://notcve.org/view.php?id=CVE-2024-47255
05 Nov 2024 — In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions. • https://www.2n.com/en-GB/about-2n/cybersecurity • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2024-47253
https://notcve.org/view.php?id=CVE-2024-47253
05 Nov 2024 — In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. • https://www.2n.com/en-GB/about-2n/cybersecurity • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-51358
https://notcve.org/view.php?id=CVE-2024-51358
05 Nov 2024 — An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. • https://github.com/Kov404/CVE-2024-51358 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-48746
https://notcve.org/view.php?id=CVE-2024-48746
05 Nov 2024 — An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component. • https://gist.github.com/KaiqueFerreiraPeres/a56c33104a52019c533e4283c257d3a0 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-51132 – org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request
https://notcve.org/view.php?id=CVE-2024-51132
05 Nov 2024 — An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. ... This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities. ... Issues addressed include a code execution vulnerability. • https://github.com/JAckLosingHeart/CVE-2024-51132-POC • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2024-10035 – Code Injection in BG-TEK's CoslatV3
https://notcve.org/view.php?id=CVE-2024-10035
04 Nov 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection. This issue affects CoslatV3: through 3.1069. • https://www.usom.gov.tr/bildirim/tr-24-1814 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-10761 – Umbraco CMS Dashboard frame cross site scripting
https://notcve.org/view.php?id=CVE-2024-10761
04 Nov 2024 — A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. • https://vuldb.com/?ctiid.282930 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-707: Improper Neutralization •