CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38456
https://notcve.org/view.php?id=CVE-2024-38456
A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. • https://www.schutzwerk.com/blog/schutzwerk-sa-2024-001 https://www.vivavis.com/en/solution/scada-en/high-leit https://www.vivavis.com/en/vivavis-high-leit-rce-vulnerability-cve-2024-38456 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42902
https://notcve.org/view.php?id=CVE-2024-42902
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function • https://bugs.limesurvey.org/view.php?id=19639 https://github.com/LimeSurvey/LimeSurvey/blob/6434b12ded1c4b6516200c453441d0896e11eee0/vendor/kcfinder/js_localize.php#L19 https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-42902 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42901
https://notcve.org/view.php?id=CVE-2024-42901
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. • https://github.com/LimeSurvey/LimeSurvey/pull/3884 https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-42901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45623
https://notcve.org/view.php?id=CVE-2024-45623
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). • https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8356 – Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8356
An attacker can leverage this vulnerability to escalate privileges execute arbitrary code in the context of the VIP MCU. •