CVSS: 1.8EPSS: 0%CPEs: 8EXPL: 1CVE-2024-21754
https://notcve.org/view.php?id=CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. Un uso de hash de contraseña con vulnerabilidad de esfuerzo computacional insuficiente [CWE-916] que afecta a FortiOS versión 7.4.3 e inferior, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones y FortiProxy versión 7.4.2 e inferior, 7.2 todas las versiones, 7.0 todas versiones, 2.0, todas las versiones pueden permitir que un atacante privilegiado con perfil de superadministrador y acceso CLI pueda descifrar el archivo de copia de seguridad. • https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE https://fortiguard.fortinet.com/psirt/FG-IR-23-423 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 5.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-28023
https://notcve.org/view.php?id=CVE-2024-28023
A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-259: Use of Hard-coded Password •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-2011
https://notcve.org/view.php?id=CVE-2024-2011
A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy Existe una vulnerabilidad de desbordamiento de búfer basada en montón en FOXMAN-UN/UNEM que, si se explota, generalmente conducirá a una denegación de servicio, pero puede usarse para ejecutar código arbitrario, lo que generalmente está fuera del alcance de la política de seguridad implícita de un programa. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-35303 – Siemens Tecnomatix Plant Simulation MODEL File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-35303
This could allow an attacker to execute code in the context of the current process. ... (ZDI-CAN-22958) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-900277.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34115 – ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34115
Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html • CWE-787: Out-of-bounds Write •