
CVSS: 6.1 | EPSS: 0% | CPEs: 3 | EXPL: 0

There is a reflected cross-site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.9 | EPSS: 0% | CPEs: - | EXPL: 0

Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

There is a stored cross-site scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.8.1 – 10.9.1 that may allow a remote, authenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.6 | EPSS: 0% | CPEs: - | EXPL: 0

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. • https://security.netapp.com/advisory/ntap-20240628-0004 • https://support.broadcom.com/external/content/SecurityAdvisories/0/23215 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: - | EXPL: 0

These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/vulnerability/advisories • CWE-787: Out-of-bounds Write • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')