CVE-2024-45271 – MB connect line/Helmholz: Remote code execution due to improper input validation
https://notcve.org/view.php?id=CVE-2024-45271
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. • https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output
CVE-2024-47943 – Improper signature verification of firmware upgrade files
https://notcve.org/view.php?id=CVE-2024-47943
This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code. • https://r.sec-consult.com/rittaliot https://www.rittal.com/de-de/products/deep/3124300 • CWE-347: Improper Verification of Cryptographic Signature
CVE-2024-9985 – Ragic Enterprise Cloud Database - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9985
Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. • https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-21535
https://notcve.org/view.php?id=CVE-2024-21535
An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. • https://github.com/quantizor/markdown-to-jsx/commit/8eb74da825c0d8d2e9508d73c672bcae36ba555a https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9710 – PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9710
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. ... An attacker can leverage this vulnerability to execute code in the context of the service account.