CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1NotCVE-2023-0003 – RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader
https://notcve.org/view.php?id=NotCVE-2023-0003
Attacker can supply image that combined with specific MPI length leads to Arbitrary Code Execution via overwritten return address on stack. • https://github.com/desowin/zsitool/blob/master/exploit.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11034 – Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form
https://notcve.org/view.php?id=CVE-2024-11034
The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/get-a-quote-button-for-woocommerce/tags/1.3.9/includes/class-ajax.php#L31 https://plugins.trac.wordpress.org/changeset/3195227 https://wordpress.org/plugins/get-a-quote-button-for-woocommerce/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/3ccd3504-5663-48cd-90bc-502c2ce232f7?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10220 – Arbitrary command execution through gitRepo volume
https://notcve.org/view.php?id=CVE-2024-10220
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. • https://github.com/kubernetes/kubernetes/issues/128885 https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko http://www.openwall.com/lists/oss-security/2024/11/20/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38117 – Possible Remote Code Execution Vulnerability OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38117
Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52052 – Stream Target Remote Code Execution in Wowza Streaming Engine
https://notcve.org/view.php?id=CVE-2024-52052
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution. • https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •