CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46890
https://notcve.org/view.php?id=CVE-2024-46890
12 Nov 2024 — This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS. • https://cert-portal.siemens.com/productcert/html/ssa-915275.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44102
https://notcve.org/view.php?id=CVE-2024-44102
12 Nov 2024 — The affected system allows remote users to send maliciously crafted objects. ... This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. • https://cert-portal.siemens.com/productcert/html/ssa-454789.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2023-32736
https://notcve.org/view.php?id=CVE-2023-32736
12 Nov 2024 — This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. ... This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-871035.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47590 – Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher
https://notcve.org/view.php?id=CVE-2024-47590
12 Nov 2024 — When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability. • https://me.sap.com/notes/3520281 • CWE-791: Incomplete Filtering of Special Elements •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-28726
https://notcve.org/view.php?id=CVE-2024-28726
12 Nov 2024 — An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. • https://github.com/Mrnmap/mrnmap-cve • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9712 – Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9712
12 Nov 2024 — Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. ... An attacker can leverage this vulnerability to execute code in the context of the current process. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1473 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9713 – Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9713
12 Nov 2024 — Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Pro. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Pro. ... An attacker can leverage this vulnerability to execute code in the context of the curre... • https://www.zerodayinitiative.com/advisories/ZDI-24-1474 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9714 – Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9714
12 Nov 2024 — Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. ... An attacker can leverage this vulnerability to execute code in the context of ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1483 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9720 – Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9720
12 Nov 2024 — Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. ... An attacker can leverage this vulnerability to execute code in the context... • https://www.zerodayinitiative.com/advisories/ZDI-24-1477 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9721 – Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9721
12 Nov 2024 — Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. ... An attacker can leverage this vulnerability to execute code in the context of ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1482 • CWE-416: Use After Free •