
CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jul 2024 — A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. • https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 • CWE-494: Download of Code Without Integrity Check •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jul 2024 — Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution. • https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 • CWE-20: Improper Input Validation •

CVSS: 7.8 • EPSS: 0% • CPEs: 35 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions •

CVSS: 8.8 • EPSS: 0% • CPEs: 43 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). • https://jungo.com/windriver/versions • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 43 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 43 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jul 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-8-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 7.8 • EPSS: 0% • CPEs: 43 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions • CWE-269: Improper Privilege Management •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Jul 2024 — This lookup could be manipulated to also execute a command on the trunk server, effectively giving root access to the server and the infrastructure. ... This RCE triggered a full user-session reset, as an attacker could have used this method to write to any Podspec in trunk. trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. ... • https://evasec.webflow.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods#2-remote-code-execution-on-the-cocoapods-trunk-server • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jul 2024 — A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ... A remote attacker could possibly use this issue to bypass authentication. ... A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. ... A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attac... • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference •