CVE-2024-57556
https://notcve.org/view.php?id=CVE-2024-57556
23 Jan 2025 — Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component. • https://github.com/nbubna/store/issues/127 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-57386
https://notcve.org/view.php?id=CVE-2024-57386
23 Jan 2025 — Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function. • https://github.com/PawaritSanguanpang/CVEs/tree/main/Wallos/CVE-2024-57386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-31903 – IBM Sterling B2B Integrator Standard Edition code execution
https://notcve.org/view.php?id=CVE-2024-31903
22 Jan 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. • https://www.ibm.com/support/pages/node/7172233 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-49749
https://notcve.org/view.php?id=CVE-2024-49749
21 Jan 2025 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVE-2024-49748
https://notcve.org/view.php?id=CVE-2024-49748
21 Jan 2025 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVE-2024-49747
https://notcve.org/view.php?id=CVE-2024-49747
21 Jan 2025 — In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVE-2024-43771
https://notcve.org/view.php?id=CVE-2024-43771
21 Jan 2025 — This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVE-2024-43770
https://notcve.org/view.php?id=CVE-2024-43770
21 Jan 2025 — This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVE-2024-43096
https://notcve.org/view.php?id=CVE-2024-43096
21 Jan 2025 — This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVE-2024-51941 – Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts
https://notcve.org/view.php?id=CVE-2024-51941
21 Jan 2025 — A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. • https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •