CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39091
https://notcve.org/view.php?id=CVE-2024-39091
An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request. • https://joerngermany.github.io/mipc_vulnerability • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-7589 – OpenSSH pre-authentication async signal safety issue
https://notcve.org/view.php?id=CVE-2024-7589
This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root. • https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc https://www.cve.org/CVERecord?id=CVE-2006-5051 https://www.cve.org/CVERecord?id=CVE-2024-6387 • CWE-364: Signal Handler Race Condition •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42469 – CometVisu Backend for openHAB affected by RCE through path traversal
https://notcve.org/view.php?id=CVE-2024-42469
If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. • https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2 https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42467 – CometVisu Backend for openHAB affected by SSRF/XSS
https://notcve.org/view.php?id=CVE-2024-42467
Furthermore, this proxy-feature can also be exploited as a Cross-Site Scripting (XSS) vulnerability, as an attacker is able to re-route a request to their server and return a page with malicious JavaScript code. Since the browser receives this data directly from the openHAB CometVisu UI, this JavaScript code will be executed with the origin of the CometVisu UI. ... This issue may lead up to Remote Code Execution (RCE) when chained with other vulnerabilities. • https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/backend/rest/ProxyResource.java#L83 https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2 https://github.com/openhab/openhab-webui/security/advisories/GHSA-v7gr-mqpj-wwh3 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-32765 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-32765
If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of admin. • https://www.qnap.com/en/security-advisory/qsa-24-14 • CWE-291: Reliance on IP Address for Authentication CWE-306: Missing Authentication for Critical Function •