CVE-2024-1574

MEDIUM Year: 2024
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-470
View all →

Vulnerability Description

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.

Related Vulnerabilities

CVE-2023-37207

MEDIUM
CVSS:6.5(Medium)

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing...

CWE-4702023

CVE-2018-5511

HIGH
CVSS:7.2(High)

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, ...

CWE-4702018

CVE-2024-8015

HIGH
CVSS:7.2(High)

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.

CWE-4702024

CVE-2023-0460

HIGH
CVSS:7.3(High)

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. T...

CWE-4702023

CVE-2019-20635

MEDIUM
CVSS:6.1(Medium)

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.

CWE-4702019

CVE-2024-22258

MEDIUM
CVSS:6.1(Medium)

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an ap...

CWE-4702024