
CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1050 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1051 • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1053 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. • https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.php#L2860-L2896 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34. • https://support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code execution. Certain Components in Haystack use Jinja2 templates; anyone who can create and render such a template on the client machine can run any code. • https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

31 Jul 2024 — Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. • https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h63h-5c77-77p5 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current proce... • https://www.zerodayinitiative.com/advisories/ZDI-24-1037 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1036 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set. • https://palm-vertebra-fe9.notion.site/form_fast_setting_wifi_set-fd47294cf4bb460bb95f804d39e53f34 • CWE-121: Stack-based Buffer Overflow