CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27174 – insecure upload
https://notcve.org/view.php?id=CVE-2024-27174
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. ... El programa Remote Command permite a un atacante obtener la ejecución remota de código. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27173 – insecure upload
https://notcve.org/view.php?id=CVE-2024-27173
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. ... El programa Remote Command permite a un atacante obtener la ejecución remota de código sobrescribiendo archivos Python existentes que contienen código ejecutable. • https://github.com/Ieakd/0day-POC-for-CVE-2024-27173 http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27172 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27172
Remote Command program allows an attacker to get Remote Code Execution. ... El programa Remote Command permite a un atacante obtener la ejecución remota de código. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27171 – Insecure permissions
https://notcve.org/view.php?id=CVE-2024-27171
A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-276: Incorrect Default Permissions •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27155 – Local Privilege Escalation and Remote Code Execution using insecure permissions
https://notcve.org/view.php?id=CVE-2024-27155
The programs can be replaced by malicious programs by any local or remote attacker. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-276: Incorrect Default Permissions •