CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1NotCVE-2023-0003 – RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader
https://notcve.org/view.php?id=NotCVE-2023-0003
Attacker can supply image that combined with specific MPI length leads to Arbitrary Code Execution via overwritten return address on stack. • https://github.com/desowin/zsitool/blob/master/exploit.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52799 – Argo Workflows Chart: Excessive Privileges in Workflow Role
https://notcve.org/view.php?id=CVE-2024-52799
Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. • https://github.com/argoproj/argo-helm/security/advisories/GHSA-fgrf-2886-4q7m https://github.com/argoproj/argo-helm/commit/81dc44c4a5ccd42c799469a78eb96a68048a4987 • CWE-250: Execution with Unnecessary Privileges CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-11587 – idcCMS classProvCity.php GetCityOptionJs cross site scripting
https://notcve.org/view.php?id=CVE-2024-11587
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?id.285657 https://vuldb.com/?ctiid.285657 https://vuldb.com/?submit.442071 https://github.com/Hebing123/cve/issues/75 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11320 – Command Injection leading to RCE via LDAP Misconfiguration
https://notcve.org/view.php?id=CVE-2024-11320
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •