CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-45011 – char: xillybus: Check USB endpoints when probing device
https://notcve.org/view.php?id=CVE-2024-45011
11 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a53d1202aef122894b6e46116a92174a9123db5d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-45009 – mptcp: pm: only decrement add_addr_accepted for MPJ req
https://notcve.org/view.php?id=CVE-2024-45009
11 Sep 2024 — A way to solve that is to decrement the counter only if the attached subflow was an MP_JOIN to a remote id that was not 0, and initiated by the host receiving the RM_ADDR. ... A way to solve that is to decrement the counter only if the attached subflow was an MP_JOIN to a remote id that was not 0, and initiated by the host receiving the RM_ADDR. ... An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/d0876b2284cf8b34dd214b2d0aa21071c345da59 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8639 – Debian Security Advisory 5768-1
https://notcve.org/view.php?id=CVE-2024-8639
11 Sep 2024 — Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8638 – Debian Security Advisory 5768-1
https://notcve.org/view.php?id=CVE-2024-8638
11 Sep 2024 — Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8637 – Debian Security Advisory 5768-1
https://notcve.org/view.php?id=CVE-2024-8637
11 Sep 2024 — Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8636 – Debian Security Advisory 5768-1
https://notcve.org/view.php?id=CVE-2024-8636
11 Sep 2024 — Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html • CWE-122: Heap-based Buffer Overflow CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27114 – Remote Code Execution through File Upload in SOPlanning before 1.52.02
https://notcve.org/view.php?id=CVE-2024-27114
11 Sep 2024 — A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. • https://csirt.divd.nl/CVE-2024-27114 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27115 – Remote Code Execution through File Upload in SOPlanning before 1.52.02
https://notcve.org/view.php?id=CVE-2024-27115
11 Sep 2024 — A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. ... This leads to the possibility of execution of code on the underlying system when the file is triggered. • https://github.com/theexploiters/CVE-2024-27115-Exploit • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43690
https://notcve.org/view.php?id=CVE-2024-43690
11 Sep 2024 — Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.1... • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32848 – Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32848
11 Sep 2024 — An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •