CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9579 – Certain Poly Video Conference Devices – Potential Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9579
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. Se descubrió una vulnerabilidad potencial en ciertos dispositivos de videoconferencia de Poly. El fallo del firmware no desinfecta adecuadamente la entrada del usuario. • https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-7059
https://notcve.org/view.php?id=CVE-2024-7059
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line. • https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role https://ressources.genetec.com/bulletins-de-securite/vulnerabilite-de-haute-severite-affectant-le-role-sdk-web-de-security-center • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47253
https://notcve.org/view.php?id=CVE-2024-47253
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. • https://www.2n.com/en-GB/about-2n/cybersecurity https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48746
https://notcve.org/view.php?id=CVE-2024-48746
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component Un problema en la integración de Lens Visual con Power BI v.4.0.0.3 permite que un atacante remoto ejecute código arbitrario a través del componente de procesamiento de lenguaje natural. • https://gist.github.com/KaiqueFerreiraPeres/a56c33104a52019c533e4283c257d3a0 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-51132
https://notcve.org/view.php?id=CVE-2024-51132
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. • https://github.com/JAckLosingHeart/CVE-2024-51132-POC https://github.com/hapifhir/org.hl7.fhir.core • CWE-611: Improper Restriction of XML External Entity Reference •