CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7961 – Rockwell Automation Path Traversal Vulnerability in Pavilion8®
https://notcve.org/view.php?id=CVE-2024-7961
If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 21EXPL: 0CVE-2024-20430 – Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20430
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.... A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8696 – A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
https://notcve.org/view.php?id=CVE-2024-8696
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8695 – A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
https://notcve.org/view.php?id=CVE-2024-8695
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-45826 – ThinManager® Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-45826
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •