CVSS: 6.8EPSS: %CPEs: -EXPL: 0CVE-2024-8360 – Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8360
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43804 – OS Command Injection via Port Scan Functionality in Roxy-WI
https://notcve.org/view.php?id=CVE-2024-43804
An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. • https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-qc52-vwwj-5585 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-5623 – Untrusted search path vulnerability in B&R APROL
https://notcve.org/view.php?id=CVE-2024-5623
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-5622 – Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL
https://notcve.org/view.php?id=CVE-2024-5622
.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8255 – Path Traversal in Ocean Data Systems Dream Report
https://notcve.org/view.php?id=CVE-2024-8255
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. ... An attacker can leverage this vulnerability to execute code in the context of an administrator. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-242-02 • CWE-502: Deserialization of Untrusted Data •