
CVE-2024-20329 – Cisco Adaptive Security Appliance Software Remote Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-20329
23 Oct 2024 — A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF •

CVE-2024-47575 – Fortinet FortiManager Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2024-47575
23 Oct 2024 — A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted req... • https://packetstorm.news/files/id/182936 • CWE-306: Missing Authentication for Critical Function •

CVE-2024-47901
https://notcve.org/view.php?id=CVE-2024-47901
23 Oct 2024 — The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-333468.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-50050
https://notcve.org/view.php?id=CVE-2024-50050
23 Oct 2024 — Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. • https://www.facebook.com/security/advisories/cve-2024-50050 •

CVE-2024-50066 – mm/mremap: fix move_normal_pmd/retract_page_tables race
https://notcve.org/view.php?id=CVE-2024-50066
23 Oct 2024 — The problem is: The rmap locks, which protect against concurrent page table removal by retract_page_tables() in the THP code, are only taken after the PMD entry has been read and it has been decided how to move it. ... Bug reachability: Reaching this bug requires that you can create... • https://packetstorm.news/files/id/182762 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2024-10231 – Debian Security Advisory 5799-1
https://notcve.org/view.php?id=CVE-2024-10231
22 Oct 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-10230 – Debian Security Advisory 5799-1
https://notcve.org/view.php?id=CVE-2024-10230
22 Oct 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-10229 – Debian Security Advisory 5799-1
https://notcve.org/view.php?id=CVE-2024-10229
22 Oct 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html •

CVE-2024-48919 – RCE via Prompt Injection Into Cursor's Terminal Cmd-K
https://notcve.org/view.php?id=CVE-2024-48919
22 Oct 2024 — Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. • https://github.com/getcursor/cursor/security/advisories/GHSA-rmj9-23rg-gr67 • CWE-20: Improper Input Validation •

CVE-2024-9287 – Virtual environment (venv) activation scripts don't quote paths
https://notcve.org/view.php?id=CVE-2024-9287
22 Oct 2024 — A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated. • https://github.com/python/cpython/issues/124651 • CWE-428: Unquoted Search Path or Element •