CVE-2024-44902
https://notcve.org/view.php?id=CVE-2024-44902
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. • https://github.com/fru1ts/CVE-2024-44902 http://thinkphp.com • CWE-502: Deserialization of Untrusted Data •
CVE-2024-42024
https://notcve.org/view.php?id=CVE-2024-42024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. • https://www.veeam.com/kb4649 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-40711 – Veeam Backup And Replication 12.1.2.172 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-40711
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). • https://github.com/watchtowrlabs/CVE-2024-40711?tab=readme-ov-file https://github.com/watchtowrlabs/CVE-2024-40711 https://www.veeam.com/kb4649 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-39715
https://notcve.org/view.php?id=CVE-2024-39715
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-38651
https://notcve.org/view.php?id=CVE-2024-38651
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •