CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43733 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-43733
10 Dec 2024 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52844 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-52844
10 Dec 2024 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43714 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-43714
10 Dec 2024 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54037 – Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-54037
10 Dec 2024 — Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/connect/apsb24-99.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 25EXPL: 0CVE-2024-49105 – Remote Desktop Client Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49105
10 Dec 2024 — Remote Desktop Client Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49105 • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-11772
https://notcve.org/view.php?id=CVE-2024-11772
10 Dec 2024 — Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11634
https://notcve.org/view.php?id=CVE-2024-11634
10 Dec 2024 — Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11633
https://notcve.org/view.php?id=CVE-2024-11633
10 Dec 2024 — Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54008 – Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform
https://notcve.org/view.php?id=CVE-2024-54008
10 Dec 2024 — An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04765en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53247 – Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app
https://notcve.org/view.php?id=CVE-2024-53247
10 Dec 2024 — In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE). In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “... • https://advisory.splunk.com/advisories/SVD-2024-1205 • CWE-502: Deserialization of Untrusted Data •