CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38814 – VMware HCX listExtensions SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38814
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware HCX. ... An attacker can leverage this vulnerability to execute code in the context of the postgres user. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20512 – Cisco Unified Contact Center Management Portal Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-20512
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmpdm-rxss-tAX76U3k • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-20460 – Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-20460
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9348 – Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view
https://notcve.org/view.php?id=CVE-2024-9348
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. Docker Desktop anterior a v4.34.3 permite RCE a través de un enlace de origen de GitHub no desinfectado en la vista de compilación. • https://docs.docker.com/desktop/release-notes/#4343 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-45257 – BYOB Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-45257
https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob •