CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5271 – Fuji Electric Monitouch V-SFT Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2024-5271
Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-2422 – LenelS2 NetBox Improper Neutralization of Argumented Delimiters
https://notcve.org/view.php?id=CVE-2024-2422
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands. Se descubrió que el sistema de monitoreo de eventos y control de acceso LenelS2 NetBox contiene un RCE autenticado en versiones anteriores a la 5.6.1 incluida, lo que permite a un atacante ejecutar comandos maliciosos. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01 https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-2421 – LenelS2 NetBox Improper Neutralization of Special Elements
https://notcve.org/view.php?id=CVE-2024-2421
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions. Se descubrió que el sistema de monitoreo de eventos y control de acceso LenelS2 NetBox contenía un RCE no autenticado en versiones anteriores a la 5.6.1 incluida, lo que permite a un atacante ejecutar comandos maliciosos con permisos elevados. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01 https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36886 – tipc: fix UAF in error path
https://notcve.org/view.php?id=CVE-2024-36886
The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct sk_buff", which may lead to remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to execute code in the context of the kernel. • https://git.kernel.org/stable/c/1149557d64c97dc9adf3103347a1c0e8c06d3b89 https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40 https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1 https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684 https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14 https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682 https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb23 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-3300 – Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
https://notcve.org/view.php?id=CVE-2024-3300
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution. • https://www.3ds.com/vulnerability/advisories • CWE-502: Deserialization of Untrusted Data •