CVE-2024-20443
https://notcve.org/view.php?id=CVE-2024-20443
An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43044 – jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE
https://notcve.org/view.php?id=CVE-2024-43044
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library. ... The `ClassLoaderProxy#fetchJar` function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller's file system due to insufficient path restrictions, which could lead to Privilege Escalation and Remote Code Execution (RCE). • https://github.com/v9d0g/CVE-2024-43044-POC https://github.com/HwMex0/CVE-2024-43044 https://github.com/convisolabs/CVE-2024-43044-jenkins https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430 https://access.redhat.com/security/cve/CVE-2024-43044 https://bugzilla.redhat.com/show_bug.cgi?id=2303466 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-34623
https://notcve.org/view.php?id=CVE-2024-34623
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=08
CVE-2024-34622
https://notcve.org/view.php?id=CVE-2024-34622
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=08
CVE-2024-34619
https://notcve.org/view.php?id=CVE-2024-34619
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=08