CVE-2024-8012 – Ivanti Workspace Control RES Exposed Dangerous Method Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8012
10 Sep 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the RES service, which listens on TCP port 1942 by default. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-8190 – Ivanti Cloud Services Appliance OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-8190
10 Sep 2024 — An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. • https://github.com/horizon3ai/CVE-2024-8190 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-8504 – VICIdial Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-8504
10 Sep 2024 — An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. • https://packetstorm.news/files/id/181953 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-43495 – Windows libarchive Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43495
10 Sep 2024 — Windows libarchive Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43495 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-43491 – Microsoft Windows Update Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43491
10 Sep 2024 — Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491 • CWE-416: Use After Free •
CVE-2024-43479 – Microsoft Power Automate Desktop Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43479
10 Sep 2024 — Microsoft Power Automate Desktop Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43479 • CWE-284: Improper Access Control •
CVE-2024-43469 – Azure CycleCloud Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43469
10 Sep 2024 — Azure CycleCloud Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43469 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-43454 – Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43454
10 Sep 2024 — Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43454 • CWE-23: Relative Path Traversal •
CVE-2024-38119 – Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38119
10 Sep 2024 — Windows Network Address Translation (NAT) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38119 • CWE-416: Use After Free •
CVE-2024-38045 – Windows TCP/IP Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38045
10 Sep 2024 — Windows TCP/IP Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38045 • CWE-122: Heap-based Buffer Overflow •