How severe is CVE-2024-39904?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-39904?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2024-39904 - HIGH Severity | CVSS 8.8

Vulnerability Description

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example, file:///C:/WINDOWS/system32/cmd.exe. This allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as file:///C:/WINDOWS/system32/cmd.exe and file:///C:/WINDOWS/system32/calc.exe. This vulnerability can be exploited by creating and sharing specially crafted notes. An attacker could send a crafted note file and perform further attacks. This vulnerability is fixed in 3.18.1.

Related Vulnerabilities

CVE-2020-25161

HIGH

CVSS:8.8(High)

The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administ...

CWE-732020

CVE-2021-3626

HIGH

CVSS:8.8(High)

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege es...

CWE-732021

CVE-2022-2431

HIGH

CVSS:8.8(High)

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles...

CWE-732022

CVE-2022-31739

HIGH

CVSS:8.8(High)

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %...

CWE-732022

CVE-2023-35985

HIGH

CVSS:8.8(High)

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted mal...

CWE-732023

CVE-2023-36634

HIGH

CVSS:8.8(High)

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions...

CWE-732023