CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38229 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38229
.NET and Visual Studio Remote Code Execution Vulnerability A flaw was found in dotnet. When closing an HTTP/3 stream while application code is writing to the response body, a race condition can cause a use-after-free. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229 https://access.redhat.com/security/cve/CVE-2024-38229 https://bugzilla.redhat.com/show_bug.cgi?id=2316161 • CWE-416: Use After Free •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43480 – Azure Service Fabric for Linux Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43480
Azure Service Fabric for Linux Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43480 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-38261 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38261
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38261 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow CWE-126: Buffer Over-read •
CVSS: 7.2EPSS: 4%CPEs: -EXPL: 0CVE-2024-9380 – Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-9380
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8422 – Schneider Electric Zelio Soft 2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8422
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric Zelio Soft 2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-06.pdf • CWE-416: Use After Free •