CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45414
https://notcve.org/view.php?id=CVE-2024-45414
An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-45416
https://notcve.org/view.php?id=CVE-2024-45416
An attacker who is able to write a malicious file in the sessions directory can get RCE as root. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-45413
https://notcve.org/view.php?id=CVE-2024-45413
An authenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-44623
https://notcve.org/view.php?id=CVE-2024-44623
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. • https://github.com/merbinr/CVE-2024-44623 https://github.com/TuomoKu/SPX-GC https://github.com/TuomoKu/SPX-GC/blob/v.1.3.0/routes/routes-api.js#L39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-45105
https://notcve.org/view.php?id=CVE-2024-45105
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-825: Expired Pointer Dereference •