CVE-2024-42901
https://notcve.org/view.php?id=CVE-2024-42901
03 Sep 2024 — A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. • https://github.com/LimeSurvey/LimeSurvey/pull/3884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-45623
https://notcve.org/view.php?id=CVE-2024-45623
02 Sep 2024 — D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). • https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2021-42013 – Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
https://notcve.org/view.php?id=CVE-2021-42013)
https://packetstorm.news/files/id/181114 •
CVE-2024-45508 – Ubuntu Security Notice USN-7225-1
https://notcve.org/view.php?id=CVE-2024-45508
01 Sep 2024 — An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://github.com/michaelrsweet/htmldoc/blob/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2/CHANGES.md • CWE-787: Out-of-bounds Write •
CVE-2024-44946 – kcm: Serialise kcm_sendmsg() for the same socket.
https://notcve.org/view.php?id=CVE-2024-44946
31 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://github.com/Abdurahmon3236/CVE-2024-44946 •
CVE-2024-44944 – netfilter: ctnetlink: use helper function to calculate expect ID
https://notcve.org/view.php?id=CVE-2024-44944
30 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/7b115755fb9d3aff0ddcd18a5c4d83381362acce •
CVE-2024-8359 – Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8359
30 Aug 2024 — Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... A crafted software update file can trigger execution of a sys... • https://www.zerodayinitiative.com/advisories/ZDI-24-1191 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-8358 – Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8358
30 Aug 2024 — Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... A crafted software update file can trigger execution of a syst... • https://www.zerodayinitiative.com/advisories/ZDI-24-1190 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-8356 – Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8356
30 Aug 2024 — Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges execute arbitrary... • https://www.zerodayinitiative.com/advisories/ZDI-24-1188 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2024-8357 – Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8357
30 Aug 2024 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1189 • CWE-1326: Missing Immutable Root of Trust in Hardware •