![](/assets/img/cve_300x82_sin_bg.png)
CVE-2024-42779
https://notcve.org/view.php?id=CVE-2024-42779
21 Aug 2024 — This allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-42780
https://notcve.org/view.php?id=CVE-2024-42780
21 Aug 2024 — This allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-42777
https://notcve.org/view.php?id=CVE-2024-42777
21 Aug 2024 — action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20SignUp.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-43867 – drm/nouveau: prime: fix refcount underflow
https://notcve.org/view.php?id=CVE-2024-43867
20 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 •
CVE-2024-43863 – drm/vmwgfx: Fix a deadlock in dma buf fence polling
https://notcve.org/view.php?id=CVE-2024-43863
20 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/2298e804e96eb3635c39519c8287befd92460303 •
CVE-2024-43861 – net: usb: qmi_wwan: fix memory leak for not ip packets
https://notcve.org/view.php?id=CVE-2024-43861
20 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c6adf77953bcec0ad63d7782479452464e50f7a3 •
CVE-2024-42362 – GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import
https://notcve.org/view.php?id=CVE-2024-42362
20 Aug 2024 — Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. • https://securitylab.github.com/advisories/GHSL-2023-254_GHSL-2023-256_HertzBeat • CWE-502: Deserialization of Untrusted Data •
CVE-2024-42363 – GHSL-2023-136_Samson
https://notcve.org/view.php?id=CVE-2024-42363
20 Aug 2024 — This issue may lead to Remote Code Execution (RCE). This vulnerability is fixed in 3385. • https://securitylab.github.com/advisories/GHSL-2023-136_Samson • CWE-502: Deserialization of Untrusted Data •
CVE-2024-43404 – Remote Code Execution Vulnerability in MEGABOT
https://notcve.org/view.php?id=CVE-2024-43404
20 Aug 2024 — The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. • https://github.com/NicPWNs/MEGABOT/commit/71e79e5581ea36313700385b112d863053fb7ed6 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2024-21689
https://notcve.org/view.php?id=CVE-2024-21689
20 Aug 2024 — This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user inter... • https://github.com/salvadornakamura/CVE-2024-21689 •