CVE-2024-30072 – Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30072
Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30072 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-37295 – Aimeos Core remote code execution in web server context
https://notcve.org/view.php?id=CVE-2024-37295
Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. • https://github.com/aimeos/aimeos-core/security/advisories/GHSA-rhc2-23c2-ww7c • CWE-73: External Control of File Name or Path •
CVE-2024-21754
https://notcve.org/view.php?id=CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypt the backup file. • https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE https://fortiguard.fortinet.com/psirt/FG-IR-23-423 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVE-2024-28023
https://notcve.org/view.php?id=CVE-2024-28023
A vulnerability exists in the message queueing mechanism that, if exploited, can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even allowing them to execute arbitrary code. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-259: Use of Hard-coded Password •
CVE-2024-2011
https://notcve.org/view.php?id=CVE-2024-2011
A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that, if exploited, will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-122: Heap-based Buffer Overflow •