CVE-2024-37085 – VMware ESXi Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-37085
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. • https://github.com/mahmutaymahmutay/CVE-2024-37085 https://github.com/Florian-Hoth/CVE-2024-37085-RCE-POC https://github.com/WTN-arny/CVE-2024-37085 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505 • CWE-305: Authentication Bypass by Primary Weakness •
CVE-2024-4196 – Avaya IP Office Web Control RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-4196
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. • https://download.avaya.com/css/public/documents/101090768 • CWE-20: Improper Input Validation •
CVE-2024-37007 – Autodesk AutoCAD X_T File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-37007
This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-416: Use After Free •
CVE-2024-23152 – Autodesk AutoCAD 3DM File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23152
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-125: Out-of-bounds Read •
CVE-2024-37005 – Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-37005
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-125: Out-of-bounds Read •