CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42745
https://notcve.org/view.php?id=CVE-2024-42745
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenicated Attackers can send malicious packet to execute arbitary commands. In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setUPnPCfg/setUPnPCfg.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-31315 – hw: amd: SMM Lock Bypass
https://notcve.org/view.php?id=CVE-2023-31315
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. ... This issue can lead to arbitrary code execution. • https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html https://access.redhat.com/security/cve/CVE-2023-31315 https://bugzilla.redhat.com/show_bug.cgi?id=2279283 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22123 – Zabbix Arbitrary File Read
https://notcve.org/view.php?id=CVE-2024-22123
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. • https://support.zabbix.com/browse/ZBX-25013 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22116 – Remote code execution within ping script
https://notcve.org/view.php?id=CVE-2024-22116
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure. • https://support.zabbix.com/browse/ZBX-25016 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2023-50810
https://notcve.org/view.php?id=CVE-2023-50810
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. • https://www.sonos.com/en-us/security-advisory-2024-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') •