CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12798 – JaninoEventEvaluator vulnerability
https://notcve.org/view.php?id=CVE-2024-12798
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto and including version 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. A successful attack requires the user to have write access to a configuration file. • https://logback.qos.ch/news.html#1.5.13 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47093 – Fix various XSS issues and potential RCE
https://notcve.org/view.php?id=CVE-2024-47093
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS • https://github.com/NagVis/nagvis/commit/30e71e8167d17a1828e7da71d6942f6fb36478cd https://github.com/NagVis/nagvis/commit/b5b1164007439de526df7d54d5c02d7732ba1c42 https://www.nagvis.org/downloads/changelog/1.9.42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12820
https://notcve.org/view.php?id=CVE-2020-12820
Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. • https://fortiguard.fortinet.com/psirt/FG-IR-20-083 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-12819
https://notcve.org/view.php?id=CVE-2020-12819
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context • https://fortiguard.com/advisory/FG-IR-20-082 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11157 – Rockwell Automation Third Party Vulnerability in Arena
https://notcve.org/view.php?id=CVE-2024-11157
If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html •