CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22399 – Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
https://notcve.org/view.php?id=CVE-2024-22399
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. • https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39613 – RCE in desktop app in Windows by local attacker
https://notcve.org/view.php?id=CVE-2024-39613
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. • https://mattermost.com/security-updates • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45695 – D-Link WiFi router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-45695
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-45694 – D-Link WiFi router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-45694
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45414
https://notcve.org/view.php?id=CVE-2024-45414
An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •