
CVE-2024-3044 – Graphic on-click binding allows unchecked script execution
https://notcve.org/view.php?id=CVE-2024-3044
14 May 2024 — Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which, without prompt, will execute scripts built into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted. • https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html • CWE-20: Improper Input Validation; CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-356: Product UI does not Warn User of Unsafe Actions •

CVE-2024-32465 – Git's protections for cloning untrusted repositories can be bypassed
https://notcve.org/view.php?id=CVE-2024-32465
14 May 2024 — If the victim were to clone this repository, it could result in arbitrary code execution. • http://www.openwall.com/lists/oss-security/2024/05/14/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-32352
https://notcve.org/view.php?id=CVE-2024-32352
14 May 2024 — TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. • https://github.com/1s1and123/Vulnerabilities/blob/main/device/ToToLink/X5000R/TOTOLink_X5000R_RCE.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-32350
https://notcve.org/view.php?id=CVE-2024-32350
14 May 2024 — TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary. • https://github.com/1s1and123/Vulnerabilities/blob/main/device/ToToLink/X5000R/TOTOLink_X5000R_RCE.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-27939
https://notcve.org/view.php?id=CVE-2024-27939
14 May 2024 — An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges. • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-862: Missing Authorization •

CVE-2024-27818 – Apple Security Advisory 05-13-2024-4
https://notcve.org/view.php?id=CVE-2024-27818
13 May 2024 — An attacker may be able to cause unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2024/May/10 •

CVE-2024-27829 – Apple macOS VideoToolbox Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-27829
13 May 2024 — Processing a file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2024/May/12 • CWE-788: Access of Memory Location After End of Buffer •

CVE-2024-29513
https://notcve.org/view.php?id=CVE-2024-29513
13 May 2024 — An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates. • https://github.com/dru1d-foofus/briscKernelDriver • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-34225
https://notcve.org/view.php?id=CVE-2024-34225
13 May 2024 — Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the name and shortname parameters. • https://github.com/dovankha/CVE-2024-34225 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-34340 – Authentication Bypass when using older password hashes
https://notcve.org/view.php?id=CVE-2024-34340
13 May 2024 — An attacker could possibly use this issue to perform arbitrary code execution. • https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m • CWE-287: Improper Authentication; CWE-697: Incorrect Comparison •