CVE-2018-9430
https://notcve.org/view.php?id=CVE-2018-9430
02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-125: Out-of-bounds Read •
CVE-2018-9418
https://notcve.org/view.php?id=CVE-2018-9418
02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-9413
https://notcve.org/view.php?id=CVE-2018-9413
02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-787: Out-of-bounds Write •
CVE-2024-53992 – unzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video upload
https://notcve.org/view.php?id=CVE-2024-53992
02 Dec 2024 — unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a. • https://github.com/EDM115/unzip-bot/commit/5213b693eabb562842cdbf21c1074e91bfa00274 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-8785 – WhatsUp Gold Registry Overwrite Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8785
02 Dec 2024 — In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 • CWE-648: Incorrect Use of Privileged APIs •
CVE-2024-46909 – WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-46909
02 Dec 2024 — In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress S... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 • CWE-16: Configuration • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-73: External Control of File Name or Path •
CVE-2024-51768 – Hewlett Packard Enterprise AutoPass License Server hsqldb Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-51768
02 Dec 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise AutoPass License Server. ... An attacker can leverage this vulnerability to execute code in the context of root. •
CVE-2024-11391 – Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11391
02 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3199242 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-29645
https://notcve.org/view.php?id=CVE-2024-29645
02 Dec 2024 — Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. • https://gist.github.com/Crispy-fried-chicken/83f0f5e8a475284d64bf99fb342e9027 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-53375 – TP-Link Archer Authenticated OS Command Injection
https://notcve.org/view.php?id=CVE-2024-53375
02 Dec 2024 — Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. ... An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. • https://packetstorm.news/files/id/183288 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •