CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12798 – JaninoEventEvaluator vulnerability
https://notcve.org/view.php?id=CVE-2024-12798
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto and including version 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. A successful attack requires the user to have write access to a configuration file. • https://logback.qos.ch/news.html#1.5.13 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47093 – Fix various XSS issues and potential RCE
https://notcve.org/view.php?id=CVE-2024-47093
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS • https://github.com/NagVis/nagvis/commit/30e71e8167d17a1828e7da71d6942f6fb36478cd https://github.com/NagVis/nagvis/commit/b5b1164007439de526df7d54d5c02d7732ba1c42 https://www.nagvis.org/downloads/changelog/1.9.42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12820
https://notcve.org/view.php?id=CVE-2020-12820
Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. • https://fortiguard.fortinet.com/psirt/FG-IR-20-083 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11157 – Rockwell Automation Third Party Vulnerability in Arena
https://notcve.org/view.php?id=CVE-2024-11157
If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12175 – Rockwell Automation Code Execution Vulnerability in Arena
https://notcve.org/view.php?id=CVE-2024-12175
If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html •