CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41646
https://notcve.org/view.php?id=CVE-2024-41646
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-281: Improper Preservation of Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41647
https://notcve.org/view.php?id=CVE-2024-41647
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41648
https://notcve.org/view.php?id=CVE-2024-41648
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-281: Improper Preservation of Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41649
https://notcve.org/view.php?id=CVE-2024-41649
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-281: Improper Preservation of Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41650
https://notcve.org/view.php?id=CVE-2024-41650
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-281: Improper Preservation of Permissions •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-54262 – WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54262
06 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-54262 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11944 – iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11944
06 Dec 2024 — iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. ... An attacker can leverage this in conjunction with other vulnerabilities to <... • https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11946 – iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2024-11946
06 Dec 2024 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12130 – Rockwell Automation Arena® Out of Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-12130
05 Dec 2024 — If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11158 – Rockwell Automation Arena® Uninitialized Vulnerability
https://notcve.org/view.php?id=CVE-2024-11158
05 Dec 2024 — An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attacke... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-665: Improper Initialization •