CVE-2024-23147 – Autodesk AutoCAD STEP File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23147
This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-23146 – Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23146
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-787: Out-of-bounds Write •
CVE-2024-37855
https://notcve.org/view.php?id=CVE-2024-37855
An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware version 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials. • https://github.com/sudo-subho/nepstech-xpon-router-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-35527
https://notcve.org/view.php?id=CVE-2024-35527
An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file. • https://bastionsecurity.co.nz/advisories/farcry-core-multiple.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5431 – WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode
https://notcve.org/view.php?id=CVE-2024-5431
This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, potentially resulting in code execution. • https://plugins.trac.wordpress.org/browser/wp-cafe/tags/2.2.25/core/shortcodes/views/reservation/reservation-form-template.php#L178 https://www.wordfence.com/threat-intel/vulnerabilities/id/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •