
CVSS: 9.3 • EPSS: 0% • CPEs: - • EXPL: 0

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01 https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

The issue results from a lack of checks in the error handling cleanup and can trigger a UAF on "struct sk_buff", which may lead to remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to execute code in the context of the kernel. • https://git.kernel.org/stable/c/1149557d64c97dc9adf3103347a1c0e8c06d3b89 https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40 https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1 https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684 https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14 https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682 https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb23 • CWE-416: Use After Free •

CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 0

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution. • https://www.3ds.com/vulnerability/advisories • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.5 • EPSS: 0% • CPEs: - • EXPL: 0

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution. • https://www.3ds.com/vulnerability/advisories • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/browser/responsive-owl-carousel-elementor/trunk/includes/widgets/owl-carousel.php#L669 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3092511%40responsive-owl-carousel-elementor%2Ftrunk&old=3092226%40responsive-owl-carousel-elementor%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/0638c8f3-070a-4b42-ba58-396f3f259b9d?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •