CVSS: 9.8EPSS: 0%CPEs: -EXPL: 3CVE-2024-31819 – AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-31819
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. • https://github.com/Chocapikk/CVE-2024-31819 https://github.com/Jhonsonwannaa/CVE-2024-31819 https://github.com/dream434/CVE-2024-31819 https://chocapikk.com/posts/2024/cve-2024-31819 https://github.com/WWBN https://github.com/WWBN/AVideo • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-29504
https://notcve.org/view.php?id=CVE-2024-29504
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter. • https://gist.github.com/phoenix118go/a9192281efcfa518daa709ab7638712b https://github.com/summernote/summernote/pull/3782 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3120 – Stack-Buffer Overflow in 'Content-Length' and 'Warning' Header Processing in sngrep
https://notcve.org/view.php?id=CVE-2024-3120
This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages. • https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6 https://github.com/irontec/sngrep/releases/tag/v1.8.1 https://pentraze.com/vulnerability-reports • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3119 – Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep
https://notcve.org/view.php?id=CVE-2024-3119
This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages. • https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f https://github.com/irontec/sngrep/releases/tag/v1.8.1 https://pentraze.com/vulnerability-reports • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25115 – RedisBloom heap buffer overflow in CF.LOADCHUNK command
https://notcve.org/view.php?id=CVE-2024-25115
Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. • https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •