CVE-2024-47946 – OS Command Execution through Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-47946
05 Dec 2024 — If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. ... The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as "www-data". Image Access Scan2Net with firmware versions prior or equal to 7.40, versions prior or equal to 7.42... • https://packetstorm.news/files/id/182979 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-30963
https://notcve.org/view.php?id=CVE-2024-30963
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation2-humble allows a local attacker to execute arbitrary code via a crafted script. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-30961
https://notcve.org/view.php?id=CVE-2024-30961
05 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-30964
https://notcve.org/view.php?id=CVE-2024-30964
05 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-30962
https://notcve.org/view.php?id=CVE-2024-30962
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37862
https://notcve.org/view.php?id=CVE-2024-37862
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37860
https://notcve.org/view.php?id=CVE-2024-37860
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-12138 – horilla create_skills deserialization
https://notcve.org/view.php?id=CVE-2024-12138
04 Dec 2024 — A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Sp1d3rL1/horilla-RCE • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVE-2024-40717
https://notcve.org/view.php?id=CVE-2024-40717
04 Dec 2024 — A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. ... The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server. • https://www.veeam.com/kb4693 •
CVE-2024-48453
https://notcve.org/view.php?id=CVE-2024-48453
04 Dec 2024 — An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function. • https://github.com/N0zoM1z0/CVEs/blob/main/CVE-2024-48453.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •