CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30962
https://notcve.org/view.php?id=CVE-2024-30962
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11429 – Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-11429
04 Dec 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. • https://plugins.trac.wordpress.org/browser/stars-testimonials-with-slider-and-masonry-grid/tags/3.3.2/plugin.class.php#L1368 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 1CVE-2024-12138 – horilla create_skills deserialization
https://notcve.org/view.php?id=CVE-2024-12138
04 Dec 2024 — A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Sp1d3rL1/horilla-RCE • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40717
https://notcve.org/view.php?id=CVE-2024-40717
04 Dec 2024 — A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. ... The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server. • https://www.veeam.com/kb4693 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48453
https://notcve.org/view.php?id=CVE-2024-48453
04 Dec 2024 — An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function Un problema en INOVANCE AM401_CPU1608TPTN permite que un atacante remoto ejecute código arbitrario a través de la función ExecuteUserProgramUpgrade • https://github.com/N0zoM1z0/CVEs/blob/main/CVE-2024-48453.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11872 – Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-11872
04 Dec 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to escalate privileges and execute... • https://trello.com/c/tcS6Jcfy/578-epic-games-launcher-1720 • CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51772 – Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-51772
03 Dec 2024 — An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51771 – Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface
https://notcve.org/view.php?id=CVE-2024-51771
03 Dec 2024 — A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12053 – Debian Security Advisory 5824-1
https://notcve.org/view.php?id=CVE-2024-12053
03 Dec 2024 — Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2024-49415 – Samsung S24 APE Decoder Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2024-49415
03 Dec 2024 — Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. ... Note that this is a fully-remote (0-click) bug on the Samsung S24 if Google Messages is configured for RCS (the default configuration on this device), as the transcription service decodes incoming audio before a user interacts with the message for transcription purposes. • https://packetstorm.news/files/id/183463 •