
CVSS: 7.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. • https://github.com/TechieNeurons/CVE-2024-3116_RCE_in_pgadmin_8.4 https://gist.github.com/aelmokhtar/689a8be7e3bd535ec01992d8ec7b2b98 https://github.com/pgadmin-org/pgadmin4/issues/7326 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIF5T34JTTYRGIN5YPT366BDFG6452A2 •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. ... (Chrome security severity: High) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. ... An attacker can leverage this vulnerability to execute code in the context of the current process at low integrity. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/330760873 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 9.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS. • https://fluidattacks.com/advisories/dezco https://github.com/siyuan-note/siyuan • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 | EPSS: 88% | CPEs: 40 | EXPL: 9

When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. • https://github.com/Chocapikk/CVE-2024-3273 https://github.com/adhikara13/CVE-2024-3273 https://github.com/ThatNotEasy/CVE-2024-3273 https://github.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT https://github.com/mrrobot0o/CVE-2024-3273- https://github.com/yarienkiva/honeypot-dlink-CVE-2024-3273 https://github.com/OIivr/Turvan6rkus-CVE-2024-3273 https://github.com/X-Projetion/CVE-2024-3273-D-Link-Remote-Code-Execution-RCE https://github.com/netsecfish/dlink https& • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0 | EPSS: 7% | CPEs: 40 | EXPL: 2

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. • https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE https://github.com/netsecfish/dlink https://supportannouncement.us.dlink.com/security/publication.aspx? • CWE-798: Use of Hard-coded Credentials •