CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46673 – scsi: aacraid: Fix double-free on probe failure
https://notcve.org/view.php?id=CVE-2024-46673
13 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/8e0c5ebde82b08f6d996e11983890fc4cc085fab •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44430
https://notcve.org/view.php?id=CVE-2024-44430
13 Sep 2024 — SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface • https://blog.csdn.net/samwbs/article/details/140954482 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8242 – MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8242
12 Sep 2024 — This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files (not including PHP files) on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L1053 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7961 – Rockwell Automation Path Traversal Vulnerability in Pavilion8®
https://notcve.org/view.php?id=CVE-2024-7961
12 Sep 2024 — If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 21EXPL: 0CVE-2024-20430 – Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20430
12 Sep 2024 — A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.... A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8696 – A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
https://notcve.org/view.php?id=CVE-2024-8696
12 Sep 2024 — A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8695 – A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
https://notcve.org/view.php?id=CVE-2024-8695
12 Sep 2024 — A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45826 – ThinManager® Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-45826
12 Sep 2024 — CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. ... CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45824 – FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation
https://notcve.org/view.php?id=CVE-2024-45824
12 Sep 2024 — The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. ... CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28991 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-28991
12 Sep 2024 — SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to execute code