CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11946 – iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2024-11946
06 Dec 2024 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 2CVE-2024-54262 – WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54262
06 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-54262 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12130 – Rockwell Automation Arena® Out of Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-12130
05 Dec 2024 — An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could lev... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11158 – Rockwell Automation Arena® Uninitialized Vulnerability
https://notcve.org/view.php?id=CVE-2024-11158
05 Dec 2024 — An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attacke... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-665: Improper Initialization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11156 – Rockwell Automation Arena® Out of Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-11156
05 Dec 2024 — An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitr... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11155 – Rockwell Automation Arena® Use After Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-11155
05 Dec 2024 — A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execu... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12235 – Shenzhen Dashi Tongzhou Information Technology AgileBPM AuthorizationTokenCheckFilter.java doFilter access control
https://notcve.org/view.php?id=CVE-2024-12235
05 Dec 2024 — A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file \agile-bpm-basic-master\ab-auth\ab-auth-spring-security-oauth2\src\main\java\com\dstz\auth\filter\AuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. • https://github.com/sweatxi/rce/blob/main/AgileBPM_vertical_overreach.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2CVE-2024-48840 – Unauthorized Access
https://notcve.org/view.php?id=CVE-2024-48840
05 Dec 2024 — Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an unauthenticated shell command execution vulnerability through the deployStart.php script. This allows any user to trigger the execution of rundeploy.sh script, which initializes the Java deployment server that sets various configurations, potentially causing unaut... • https://packetstorm.news/files/id/183179 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 6CVE-2024-48839 – Remote Code Execution, RCE
https://notcve.org/view.php?id=CVE-2024-48839
05 Dec 2024 — Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. ... This... • https://packetstorm.news/files/id/183448 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41137 – Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
https://notcve.org/view.php?id=CVE-2022-41137
05 Dec 2024 — Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (... • https://github.com/apache/hive • CWE-502: Deserialization of Untrusted Data •