CVE-2020-24061
https://notcve.org/view.php?id=CVE-2020-24061
12 Sep 2024 — Cross-site scripting (XSS) vulnerability in the Firewall menu of the Control Panel in KASDA KW5515 version 4.3.1.0 allows attackers to execute arbitrary code and steal cookies via a crafted script • https://github.com/0xadik/CVEs/tree/main/CVE-2020-24061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-29847 – Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29847
12 Sep 2024 — Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://packetstorm.news/files/id/181519 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-45028 – mmc: mmc_test: Fix NULL dereference on allocation failure
https://notcve.org/view.php?id=CVE-2024-45028
11 Sep 2024 — Also change the error code to -ENOMEM instead of returning success. ... An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/2661081f5ab9cb25359d27f88707a018cf4e68e9 •
CVE-2024-45026 – s390/dasd: fix error recovery leading to data corruption on ESE devices
https://notcve.org/view.php?id=CVE-2024-45026
11 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 •
CVE-2024-45025 – fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
https://notcve.org/view.php?id=CVE-2024-45025
11 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7 •
CVE-2024-45018 – netfilter: flowtable: initialise extack before use
https://notcve.org/view.php?id=CVE-2024-45018
11 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c29f74e0df7a02b8303bcdce93a7c0132d62577a • CWE-457: Use of Uninitialized Variable •
CVE-2024-45011 – char: xillybus: Check USB endpoints when probing device
https://notcve.org/view.php?id=CVE-2024-45011
11 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a53d1202aef122894b6e46116a92174a9123db5d •
CVE-2024-45009 – mptcp: pm: only decrement add_addr_accepted for MPJ req
https://notcve.org/view.php?id=CVE-2024-45009
11 Sep 2024 — A way to solve that is to decrement the counter only if the attached subflow was an MP_JOIN to a remote id that was not 0, and initiated by the host receiving the RM_ADDR. ... An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/d0876b2284cf8b34dd214b2d0aa21071c345da59 •
CVE-2024-27114 – Remote Code Execution through File Upload in SOPlanning before 1.52.02
https://notcve.org/view.php?id=CVE-2024-27114
11 Sep 2024 — An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. • https://csirt.divd.nl/CVE-2024-27114 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2024-27115 – Remote Code Execution through File Upload in SOPlanning before 1.52.02
https://notcve.org/view.php?id=CVE-2024-27115
11 Sep 2024 — An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. ... This leads to the possibility of execution of code on the underlying system when the file is triggered. • https://github.com/theexploiters/CVE-2024-27115-Exploit • CWE-434: Unrestricted Upload of File with Dangerous Type •