CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-5245 – NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5245
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004 https://www.zerodayinitiative.com/advisories/ZDI-24-496 • CWE-1392: Use of Default Credentials •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-5246 – NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5246
NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://github.com/Abdurahmon3236/CVE-2024-5246 https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004 https://www.zerodayinitiative.com/advisories/ZDI-24-497 • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4454 – WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4454
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30279 – ZDI-CAN-22887: Adobe Acrobat Reader DC JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30279
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4662 – Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-4662
The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. ... This makes it possible for lower privileged users, such as contributors, to inject arbitrary PHP code via the WordPress user interface and gain elevated privileges. • https://oxygenbuilder.com/oxygen-4-8-3-now-available-security-update https://www.wordfence.com/threat-intel/vulnerabilities/id/8706c3f6-64e0-440e-a802-5c80d9cc3643?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •