CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-50809
https://notcve.org/view.php?id=CVE-2023-50809
This can result in remote code execution within the kernel. • https://www.sonos.com/en-us/security-advisory-2024-0001 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38219 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38219
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-42366 – VR Overlay RCE
https://notcve.org/view.php?id=CVE-2024-42366
In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. • https://github.com/vrcx-team/VRCX/commit/cd2387aa3289f936ce60049121c24b0765bd4180 https://github.com/vrcx-team/VRCX/security/advisories/GHSA-j98g-mgjm-wqph • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-269: Improper Privilege Management •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42365 – Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
https://notcve.org/view.php?id=CVE-2024-42365
This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. • https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426 https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426 https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4 https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8 https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71 https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993 https://github.com/asterisk/asterisk • CWE-267: Privilege Defined With Unsafe Actions CWE-1220: Insufficient Granularity of Access Control •
CVSS: 9.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7490 – Remote Code Execution in Advanced Software Framework DHCP server
https://notcve.org/view.php?id=CVE-2024-7490
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. • https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •