CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1NotCVE-2023-0003 – RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader
https://notcve.org/view.php?id=NotCVE-2023-0003
Attacker can supply image that combined with specific MPI length leads to Arbitrary Code Execution via overwritten return address on stack. • https://github.com/desowin/zsitool/blob/master/exploit.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVSS: 5.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-8523 – lmxcms SQL Command Execution Module admin.php formatData code injection
https://notcve.org/view.php?id=CVE-2024-8523
m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. ... m=Acquisi&a=testcj&lid=1 der Komponente SQL Command Execution Module. Dank Manipulation des Arguments data mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/gaorenyusi/gaorenyusi/blob/main/lmx.md https://vuldb.com/?ctiid.276728 https://vuldb.com/?id.276728 https://vuldb.com/?submit.399916 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8517 – SPIP Bigup Multipart File Upload OS Command Injection
https://notcve.org/view.php?id=CVE-2024-8517
A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. • https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html https://vulncheck.com/advisories/spip-upload-rce • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-45758
https://notcve.org/view.php?id=CVE-2024-45758
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. • https://spear-shield.notion.site/Unauthenticated-Remote-Code-Execution-via-Unrestricted-JDBC-Connection-87a958a4874044199cbb86422d1f6068 https://gist.github.com/AfterSnows/c24ca3c26dc89ab797e610e92a6a9acb • CWE-502: Deserialization of Untrusted Data •