CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39568
https://notcve.org/view.php?id=CVE-2024-39568
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). ... This could allow an authenticated local attacker to execute arbitrary code with system privileges. • https://cert-portal.siemens.com/productcert/html/ssa-868282.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39567
https://notcve.org/view.php?id=CVE-2024-39567
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). ... This could allow an authenticated local attacker to execute arbitrary code with system privileges. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Client (todas las versiones < V3.2 HF1). • https://cert-portal.siemens.com/productcert/html/ssa-868282.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32737
https://notcve.org/view.php?id=CVE-2023-32737
09 Jul 2024 — This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. ... Este es el mismo problema que existe para .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. • https://cert-portal.siemens.com/productcert/html/ssa-313039.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32735
https://notcve.org/view.php?id=CVE-2023-32735
09 Jul 2024 — This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. ... Este es el mismo problema que existe para .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. • https://cert-portal.siemens.com/productcert/html/ssa-779936.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45147
https://notcve.org/view.php?id=CVE-2022-45147
09 Jul 2024 — This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. ... Este es el mismo problema que existe para .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. • https://cert-portal.siemens.com/productcert/html/ssa-825651.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39487 – bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
https://notcve.org/view.php?id=CVE-2024-39487
09 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/f9de11a165943a55e0fbda714caf60eaeb276a42 •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5974 – Firebox Authenticated Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-5974
09 Jul 2024 — A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3. ... A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00011 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22020 – nodejs: Bypass network import restriction via data URL
https://notcve.org/view.php?id=CVE-2024-22020
09 Jul 2024 — A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. • http://www.openwall.com/lists/oss-security/2024/07/11/6 • CWE-284: Improper Access Control •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37871
https://notcve.org/view.php?id=CVE-2024-37871
09 Jul 2024 — SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter. • https://github.com/TThuyyy/cve1/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37928 – WordPress Jobmonster theme <= 4.7.0 - Unauthenticated Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-37928
09 Jul 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/noo-jobmonster/wordpress-jobmonster-theme-4-7-0-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •