CVE-2024-8504 – VICIdial Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-8504
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. • https://github.com/Chocapikk/CVE-2024-8504 https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt https://www.vicidial.org/vicidial.php • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-43495 – Windows libarchive Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43495
Windows libarchive Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43495 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-43491 – Microsoft Windows Update Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43491
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491 • CWE-416: Use After Free •
CVE-2024-43479 – Microsoft Power Automate Desktop Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43479
Microsoft Power Automate Desktop Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43479 • CWE-284: Improper Access Control •
CVE-2024-43469 – Azure CycleCloud Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43469
Azure CycleCloud Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43469 • CWE-94: Improper Control of Generation of Code ('Code Injection') •