CVSS: 8.4EPSS: 0%CPEs: 25EXPL: 0CVE-2024-49105 – Remote Desktop Client Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49105
10 Dec 2024 — Remote Desktop Client Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49105 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49535 – Acrobat Reader | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
https://notcve.org/view.php?id=CVE-2024-49535
10 Dec 2024 — Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. This vulnerability allows an attacker to provide malicious XML input containing a reference to an external entity, leading to data disclosure or potentially code execution. • https://helpx.adobe.com/security/products/acrobat/apsb24-92.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49530 – Acrobat Reader | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2024-49530
10 Dec 2024 — Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-92.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11772
https://notcve.org/view.php?id=CVE-2024-11772
10 Dec 2024 — Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11634
https://notcve.org/view.php?id=CVE-2024-11634
10 Dec 2024 — Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11633
https://notcve.org/view.php?id=CVE-2024-11633
10 Dec 2024 — Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54008 – Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform
https://notcve.org/view.php?id=CVE-2024-54008
10 Dec 2024 — An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04765en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53247 – Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app
https://notcve.org/view.php?id=CVE-2024-53247
10 Dec 2024 — In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE). In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “... • https://advisory.splunk.com/advisories/SVD-2024-1205 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2024-49128 – Windows Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49128
10 Dec 2024 — Windows Remote Desktop Services Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49128 • CWE-416: Use After Free CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVSS: 8.1EPSS: 0%CPEs: 26EXPL: 0CVE-2024-49127 – Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49127
10 Dec 2024 — Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49127 • CWE-416: Use After Free •