
CVE-2023-51634 – NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51634
10 Jun 2024 — NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139 • CWE-295: Improper Certificate Validation •

CVE-2023-51635 – NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51635
10 Jun 2024 — NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. ... An attacker can leverage this vulnerability to execute code in the context of roo... • https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139 • CWE-121: Stack-based Buffer Overflow •

CVE-2023-39179 – Kernel: ksmbd: read request out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-39179
10 Jun 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. • https://access.redhat.com/security/cve/CVE-2023-39179 • CWE-125: Out-of-bounds Read •

CVE-2024-37014
https://notcve.org/view.php?id=CVE-2024-37014
10 Jun 2024 — Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. • https://github.com/langflow-ai/langflow/issues/1973 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-39176 – Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-39176
10 Jun 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. • https://access.redhat.com/security/cve/CVE-2023-39176 • CWE-125: Out-of-bounds Read •

CVE-2024-36528
https://notcve.org/view.php?id=CVE-2024-36528
10 Jun 2024 — nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php. • https://mat4mee.notion.site/2-bug-chains-in-nukeViet-lead-to-RCE-bdd42b20b05a448fbe87c752b41bb15f • CWE-502: Deserialization of Untrusted Data •

CVE-2023-4458 – Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-4458
10 Jun 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. • https://access.redhat.com/security/cve/CVE-2023-4458 • CWE-125: Out-of-bounds Read •

CVE-2024-36531
https://notcve.org/view.php?id=CVE-2024-36531
10 Jun 2024 — nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. • https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-5723 – Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5723
10 Jun 2024 — Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. An attacker can lever... • https://www.zerodayinitiative.com/advisories/ZDI-24-595 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-5725 – Centreon initCurveList SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5725
10 Jun 2024 — Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. An attacker can leverage ... • https://www.zerodayinitiative.com/advisories/ZDI-24-597 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •