CVE-2024-12700 – Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2024-12700
An unrestricted file upload vulnerability allows an authenticated, low-privileged user to upload a JSP shell and execute code with the privileges of the user running the web server. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tibbo AggreGate Network Manager. ... The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of an administrator. • https://aggregate.digital/downloads.html https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-05 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-12829 – Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12829
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1717 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-12830 – Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12830
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. ... An attacker can leverage this vulnerability to execute code in the context of the www-data user. • https://www.zerodayinitiative.com/advisories/ZDI-24-1718 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-12832 – Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-12832
Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. • https://www.zerodayinitiative.com/advisories/ZDI-24-1719 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-12695
https://notcve.org/view.php?id=CVE-2024-12695
Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html https://issues.chromium.org/issues/383647255 • CWE-787: Out-of-bounds Write •