CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6144 – Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6144
18 Jun 2024 — Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code<... • https://www.zerodayinitiative.com/advisories/ZDI-24-807 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6154 – Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6154
18 Jun 2024 — An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. An attacker can leverage thi... • https://www.zerodayinitiative.com/advisories/ZDI-24-804 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5574 – WP Magazine Modules Lite <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-5574
18 Jun 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/browser/wp-magazine-modules-lite/trunk/includes/src/banner/element.php#L1363 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2023-39470 – PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-39470
18 Jun 2024 — PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. An attacke... • https://www.papercut.com/kb/Main/SecurityBulletinJune2023 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5853 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-5853
18 Jun 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3103410/sirv/trunk/sirv.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6132 – Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6132
18 Jun 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wp-pexels-free-stock-photos/trunk/settings.php#L239 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6145 – Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6145
18 Jun 2024 — Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code in the context of the ... • https://www.zerodayinitiative.com/advisories/ZDI-24-808 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6153 – Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability
https://notcve.org/view.php?id=CVE-2024-6153
18 Jun 2024 — An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. An attacker can leverage this in co... • https://www.zerodayinitiative.com/advisories/ZDI-24-803 • CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6142 – Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6142
18 Jun 2024 — Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code in the ... • https://www.zerodayinitiative.com/advisories/ZDI-24-805 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37821
https://notcve.org/view.php?id=CVE-2024-37821
18 Jun 2024 — An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. • http://dolibarr.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •