CVE-2024-12677 – Delta Electronics DTM Soft Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2024-12677
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTM Soft. ... An attacker can leverage this vulnerability to execute code in the context of the current user.
• https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&q=dtm&sort_expr=cdate&sort_dir=DESC
• https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-03
• CWE-502: Deserialization of Untrusted Data
CVE-2024-56327 – Malicious plugin names, recipients, or identities can cause arbitrary binary execution in pyrage
https://notcve.org/view.php?id=CVE-2024-56327
pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of `pyrage` before 1.2.0 lack plugin support and are therefore **not affected**.
• https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c
• https://github.com/advisories/GHSA-4fg7-vxc8-qx5w
• https://github.com/woodruffw/pyrage/security/advisories/GHSA-47h8-jmp3-9f28
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-12729
https://notcve.org/view.php?id=CVE-2024-12729
A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).
• https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-12672 – Rockwell Automation Third Party Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2024-12672
If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
• https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html
• CWE-787: Out-of-bounds Write
CVE-2024-12728
https://notcve.org/view.php?id=CVE-2024-12728
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).
• https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
• CWE-1391: Use of Weak Credentials