CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52567 – Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-52567
The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. ... (ZDI-CAN-24237) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-824503.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52566 – Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-52566
The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. ... (ZDI-CAN-24233) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-824503.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52565 – Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-52565
The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. ... (ZDI-CAN-24231) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-824503.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41151 – Apache HertzBeat: RCE by notice template injection vulnerability
https://notcve.org/view.php?id=CVE-2024-41151
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. • https://lists.apache.org/thread/oor9nw6nh2ojnfw8d8oxrv40cbtk5mwj https://lists.apache.org/thread/p33tg0vo5nh6kscth4262ktsqo3h5lqo • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45505 – Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities
https://notcve.org/view.php?id=CVE-2024-45505
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. • https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0 https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •