CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39227
https://notcve.org/view.php?id=CVE-2024-39227
This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-39226
https://notcve.org/view.php?id=CVE-2024-39226
This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34344 – Remote code execution via the browser when running the test locally in nuxt
https://notcve.org/view.php?id=CVE-2024-34344
Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in the remote code execution from the malicious web page. Since web pages can send requests to arbitrary addresses, a malicious web page can repeatedly try to exploit this vulnerability, which then triggers the exploit when the test server starts. • https://github.com/nuxt/nuxt/security/advisories/GHSA-v784-fjjh-f8r4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23657 – Path Traversal: '../filedir' in Nuxt Devtools
https://notcve.org/view.php?id=CVE-2024-23657
In certain configurations an attacker could leak the devtools authentication token and then abuse other RPC functions to achieve RCE. The `getTextAssetContent` function does not check for path traversals, this could allow an attacker to read arbitrary files over the RPC WebSocket. • https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/dev-auth.ts#L14 https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L88C48-L88C48 https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L96C11-L96C28 https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/index.ts#L109 https://github.com/nuxt/nuxt/secu • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6361 – Improper Neutralization vulnerability (XSS) has been discovered in OpenTextâ„¢ ALM Octane product.
https://notcve.org/view.php?id=CVE-2024-6361
The vulnerability could cause remote code execution attack. • https://portal.microfocus.com/s/article/KM000032605?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •