CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12677 – Delta Electronics DTM Soft Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2024-12677
20 Dec 2024 — Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTM Soft. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&q=dtm&sort_expr=cdate&sort_dir=DESC • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12835 – Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12835
20 Dec 2024 — Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. ... An attacker can leverage this vulnerability to execute code in th... • https://www.zerodayinitiative.com/advisories/ZDI-24-1723 • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12828 – Webmin CGI Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12828
20 Dec 2024 — Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. ... An attacker can leverage this vulnerability to execute code in the context of root. An attacker can leverage this vulnerability to execute code... • https://github.com/webmin/authentic-theme/commit/61e5b10227b50407e3c6ac494ffbd4385d1b59df • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12729
https://notcve.org/view.php?id=CVE-2024-12729
19 Dec 2024 — A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). • https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12672 – Rockwell Automation Third Party Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2024-12672
19 Dec 2024 — If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. ... If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12728
https://notcve.org/view.php?id=CVE-2024-12728
19 Dec 2024 — A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). • https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce • CWE-1391: Use of Weak Credentials •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12727
https://notcve.org/view.php?id=CVE-2024-12727
19 Dec 2024 — A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2020-6923 – HP Linux Imaging and Printing Software - Potential Memory Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-6923
19 Dec 2024 — A remote attacker could use this issue to cause HPLIP to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://support.hp.com/us-en/document/c06927115 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9154 – Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9154
19 Dec 2024 — A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. ... Ewon Flexy 205 versions 14.8s0 (#2633) and below suffer from an authenticated remote code execution vulnerability. • https://cyberdanube.com/security-research/authenticated-remote-code-execution-in-ewon-flexy-205 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-12798 – JaninoEventEvaluator vulnerability
https://notcve.org/view.php?id=CVE-2024-12798
19 Dec 2024 — ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto and including version 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. Malicious logback configuratio... • https://logback.qos.ch/news.html#1.5.13 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •