CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51377
https://notcve.org/view.php?id=CVE-2024-51377
An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields • https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-51377 https://github.com/ladybirdweb/faveo-helpdesk/issues/8303 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-10573 – Mpg123: buffer overflow when writing decoded pcm samples
https://notcve.org/view.php?id=CVE-2024-10573
Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. • https://access.redhat.com/security/cve/CVE-2024-10573 https://bugzilla.redhat.com/show_bug.cgi?id=2322980 https://mpg123.org/cgi-bin/news.cgi#2024-10-26 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43383 – Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator
https://notcve.org/view.php?id=CVE-2024-43383
This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue. • https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-21537
https://notcve.org/view.php?id=CVE-2024-21537
Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. • https://github.com/antonk52/lilconfig/commit/2c68a1ab8764fc74acc46771e1ad39ab07a9b0a7 https://github.com/antonk52/lilconfig/pull/48 https://github.com/antonk52/lilconfig/releases/tag/v3.1.1 https://security.snyk.io/vuln/SNYK-JS-LILCONFIG-6263789 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39332
https://notcve.org/view.php?id=CVE-2024-39332
Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. • https://herolab.usd.de/security-advisories/usd-2024-0008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •