CVE-2024-37860
https://notcve.org/view.php?id=CVE-2024-37860
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2 (ROS2-humble and navigation2-humble) allows a local attacker to execute arbitrary code via a crafted .yaml file passed to the nav2_amcl process. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37862
https://notcve.org/view.php?id=CVE-2024-37862
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2 (ROS2-humble and navigation2-humble) allows a local attacker to execute arbitrary code via a crafted .yaml file passed to the nav2_planner process. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-11289 – Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-11289
05 Dec 2024 — This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. • https://themeforest.net/item/soledad-multiconcept-blogmagazine-wp-theme/12945398 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-28139 – Privilege escalation through sudo misconfiguration
https://notcve.org/view.php?id=CVE-2024-28139
05 Dec 2024 — The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. ... Image Access Scan2Net with firmware versions prior to or equal to 7.40, versions prior to or equal to 7.42, or versions prior to 7.42B suffer from OS command injection, privilege escalation, violation of the least privilege principle, cross-site request forgery, persistent cross-site scripting, insecure password change, broken access control, remote SQL i... • https://packetstorm.news/files/id/182979 • CWE-250: Execution with Unnecessary Privileges •
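The entry above names the enabling condition (a passwordless sudo rule giving the web server's account root via mount) but not how to find such rules. The following is an added example, not the vendor's code or the advisory's, that audits a sudoers file for that pattern: a constructed weak file reproducing the described rule, a hardened version with the rule removed, and a small parser that flags passwordless root grants to service accounts and any root grant of a binary that trivially yields a root shell or arbitrary file access. The account names in SERVICE_ACCOUNTS, the binaries in ESCALATION_BINS (mount is the one the CVE names) and the sudoers contents are assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample sudoers reproducing the advisory's weak rule
# (www-data may run mount as root without a password). Not the device's real file.
WEAK_SUDOERS = """\
Defaults        env_reset
root            ALL=(ALL:ALL) ALL
www-data        ALL=(root) NOPASSWD: /bin/mount
www-data        ALL=(root) NOPASSWD: /usr/bin/systemctl restart scanner-ui
backup          ALL=(root) /usr/bin/rsync
%admin          ALL=(ALL) ALL
"""

# Hardened version (assumed): the web account keeps no sudo rights at all.
HARDENED_SUDOERS = """\
Defaults        env_reset
root            ALL=(ALL:ALL) ALL
backup          ALL=(root) /usr/bin/rsync
%admin          ALL=(ALL) ALL
"""

# user  host=(runas[:group]) [TAG: ...] command[, command...]
USER_SPEC = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)"
    r"(?P<cmds>.+)$"
)

# Assumed names of web-server accounts; these should never hold passwordless root commands.
SERVICE_ACCOUNTS = {"www-data", "apache", "nginx", "http"}
# Binaries that hand over root trivially when run via sudo (mount is the one the CVE names).
ESCALATION_BINS = {"mount", "umount", "su", "sh", "bash", "find", "vim", "python3", "perl"}


@dataclass
class Finding:
    user: str
    command: str
    reason: str


def parse_user_specs(text):
    """Yield (user, runas_user, tags, command) for every user specification line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = USER_SPEC.match(line)
        if not m:
            continue
        # sudoers runs commands as root when no (runas) list is given
        runas = (m.group("runas") or "root").split(":")[0] or "root"
        tags = {t.rstrip(":") for t in m.group("tags").split()}
        for cmd in m.group("cmds").split(","):
            yield m.group("user"), runas, tags, cmd.strip()


def audit_sudoers(text):
    """Return findings for entries that let a non-root principal reach root too cheaply."""
    findings = []
    for user, runas, tags, cmd in parse_user_specs(text):
        if user == "root" or runas not in ("root", "ALL"):
            continue
        binary = cmd.split()[0].rsplit("/", 1)[-1]
        nopasswd = "NOPASSWD" in tags
        if cmd == "ALL" and nopasswd:
            findings.append(Finding(user, cmd, "passwordless unrestricted root"))
        elif binary in ESCALATION_BINS:
            findings.append(Finding(user, cmd, f"{binary} as root is a known escalation path"))
        elif nopasswd and user in SERVICE_ACCOUNTS:
            findings.append(Finding(user, cmd, "passwordless root command for a web service account"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_SUDOERS), ("hardened", HARDENED_SUDOERS)):
        print(label, audit_sudoers(text))
```

Run the audit against `/etc/sudoers` and the files under `/etc/sudoers.d/` (read them with `sudo cat` or `visudo -c` output). A root grant of mount is flagged regardless of NOPASSWD, because a web account normally has no password to type anyway, and the second www-data rule is flagged only because it is passwordless and belongs to a service account.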
CVE-2024-28140 – Violation of Least Privilege Principle
https://notcve.org/view.php?id=CVE-2024-28140
05 Dec 2024 — Image Access Scan2Net with firmware versions prior to or equal to 7.40, versions prior to or equal to 7.42, or versions prior to 7.42B suffer from OS command injection, privilege escalation, violation of the least privilege principle, cross-site request forgery, persistent cross-site scripting, insecure password change, broken access control, remote SQL injection, and hardcoded credential vulnerabilities. • https://packetstorm.news/files/id/182979 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-30961
https://notcve.org/view.php?id=CVE-2024-30961
05 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2 (ROS2-humble and navigation2-humble) allows a local attacker to execute arbitrary code via the error-throwing mechanism in nav2_bt_navigator. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-30963
https://notcve.org/view.php?id=CVE-2024-30963
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2 (ROS2-humble and navigation2-humble) allows a local attacker to execute arbitrary code via a crafted script. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-30964
https://notcve.org/view.php?id=CVE-2024-30964
05 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2 (ROS2-humble and navigation2-humble) allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-47946 – OS Command Execution through Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-47946
05 Dec 2024 — If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted, valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. ... The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as "www-data". Image Access Scan2Net with firmware versions prior to or equal to 7.40, versions prior to or equal to 7.42... • https://packetstorm.news/files/id/182979 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-54225 – WordPress Designer plugin <= 1.3.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-54225
05 Dec 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodegearThemes Designer allows PHP Local File Inclusion. This issue affects Designer: from n/a through 1.3.3. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obta... • https://patchstack.com/database/wordpress/plugin/designer/vulnerability/wordpress-designer-plugin-1-3-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
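Both the Soledad entry (CVE-2024-11289) and the Designer entry (CVE-2024-54225) above are the same CWE-98 shape: a request value ends up in an include path, and appending a fixed `.php` suffix only narrows the attacker to PHP files already on disk, which is why the Soledad advisory calls it "limited". The following is an added example, not code from either theme or plugin, that shows the anti-pattern beside a hardened resolver. It is written in Python because the containment check (slug allowlist, then realpath, then parent-directory comparison) is language-independent; the template root is a throwaway temporary directory created by the example and the template name, file names and allowlist are assumptions.

```python
import os
import re
import tempfile

SLUG = re.compile(r"[A-Za-z0-9_-]{1,64}")


def make_demo_root():
    """Constructed fixture: a template directory holding one legitimate template."""
    root = tempfile.mkdtemp(prefix="templates-")
    with open(os.path.join(root, "single.php"), "w") as fh:
        fh.write("<?php echo 'legit template'; ?>")
    return root


def vulnerable_include_path(root, requested):
    """Anti-pattern: the request value is pasted straight into the include path.
    The '.php' suffix limits the attacker to PHP files but not to this directory."""
    return f"{root}/{requested}.php"


def escapes_root(root, path):
    """True when the normalised path lies outside root, i.e. what the vulnerable version never checks."""
    root_real = os.path.realpath(root)
    return os.path.commonpath([root_real, os.path.realpath(path)]) != root_real


def safe_include_path(root, requested, allowed=None):
    """Hardened resolver: syntactic allowlist, optional explicit allowlist, then realpath containment."""
    if not SLUG.fullmatch(requested):
        raise ValueError(f"rejected template name {requested!r}")
    if allowed is not None and requested not in allowed:
        raise ValueError(f"template {requested!r} not in allowlist")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested + ".php"))
    # Compare the resolved parent, not a string prefix, so symlinks and '..' cannot slip through.
    if os.path.dirname(candidate) != root_real:
        raise ValueError("resolved path escapes the template root")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    return candidate


def rejects(root, requested, allowed=None):
    """Helper for checks: True when the hardened resolver refuses the name."""
    try:
        safe_include_path(root, requested, allowed)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    root = make_demo_root()
    traversal = "../../../../var/www/html/wp-content/uploads/2024/12/shell"  # assumed attacker value
    print(vulnerable_include_path(root, traversal), escapes_root(root, vulnerable_include_path(root, traversal)))
    print(safe_include_path(root, "single"))
    print(rejects(root, traversal), rejects(root, "single", allowed={"archive"}))
```

The explicit `allowed` set is the strongest control: a theme or plugin knows its own template names, so the request value should select among them rather than name a file. The realpath comparison is the fallback for code that must accept arbitrary slugs.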