CVE-2024-38160 – Windows Network Virtualization Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38160
Windows Network Virtualization Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38160 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-38159 – Windows Network Virtualization Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38159
Windows Network Virtualization Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38159 • CWE-416: Use After Free •
CVE-2024-6618 – Path Traversal in Ocean Data Systems Dream Report
https://notcve.org/view.php?id=CVE-2024-6618
In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL). • https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-3913 – Phoenix Contact: Start sequence allows attack during the boot process
https://notcve.org/view.php?id=CVE-2024-3913
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-022 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2024-41976
https://notcve.org/view.php?id=CVE-2024-41976
This could allow an authenticated remote attacker to execute arbitrary code on the device. • https://cert-portal.siemens.com/productcert/html/ssa-087301.html • CWE-20: Improper Input Validation •