CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46986 – Arbitrary file write leading to RCE in Camaleon CMS
https://notcve.org/view.php?id=CVE-2024-46986
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). ... This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. • https://codeql.github.com/codeql-query-help/ruby/rb-path-injection https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5 https://owasp.org/www-community/attacks/Path_Traversal https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-34026
https://notcve.org/view.php?id=CVE-2024-34026
A specially crafted EtherNet/IP request can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2005 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45679
https://notcve.org/view.php?id=CVE-2024-45679
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. • https://github.com/assimp/assimp/releases/tag/v5.4.3 https://jvn.jp/en/jp/JVN42386607 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-35515
https://notcve.org/view.php?id=CVE-2024-35515
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. • https://github.com/piskvorky/sqlitedict https://wha13.github.io/2024/06/13/mfcve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40568
https://notcve.org/view.php?id=CVE-2024-40568
Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component • https://github.com/xiaobye-ctf/My-CVE/tree/main/BTstack/CVE-2024-40568 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •