CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23922 – Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23922
21 Jun 2024 — Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. ... An attacker can leverage this vulnerability to execute code in the context of the device. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-22939 This vulnera... • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6248 – Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6248
21 Jun 2024 — Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. ... An attacker can leverage this in conjunction with other vulnerabilities to execute
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23959 – Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23959
21 Jun 2024 — Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. ... An attacker can leverage this vulnerability to execute code in the context of the device. An attacker can leverage this vulnerability to execute co... • https://www.zerodayinitiative.com/advisories/ZDI-24-851 • CWE-121: Stack-based Buffer Overflow •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23960 – Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability
https://notcve.org/view.php?id=CVE-2024-23960
21 Jun 2024 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-845 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37671
https://notcve.org/view.php?id=CVE-2024-37671
21 Jun 2024 — Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter. • http://docubase.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23961 – Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23961
21 Jun 2024 — Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. ... An attacker can leverage this vulnerability to execute code in the context of root. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23306 This vulnerability allows p... • https://www.zerodayinitiative.com/advisories/ZDI-24-849 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-23973 – Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-23973
21 Jun 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. ... An attacker can leverage this vulnerability to execute code in the context of the device. An attacker can leverage this vulnerability to execute code in the context of the devi... • https://community.silabs.com/a45Vm0000000Atp • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-24731 – Silicon Labs Gecko OS http_download Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-24731
21 Jun 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. ... An attacker can leverage this vulnerability to execute code in the context of the device. An attacker can leverage this vulnerability to execute code in the context of the devi... • https://community.silabs.com/a45Vm0000000Atp • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37228 – WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-37228
21 Jun 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-38-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23923 – Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23923
21 Jun 2024 — Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. ... An attacker can leverage this vulnerability to execute code in the context of root. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22945 This vulnerability allows network-adj... • https://www.zerodayinitiative.com/advisories/ZDI-24-844 • CWE-416: Use After Free •