CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36418 – SuiteCRM authenticated RCE using connectors
https://notcve.org/view.php?id=CVE-2024-36418
Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-mfj5-37v4-vh5w • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36415 – SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution
https://notcve.org/view.php?id=CVE-2024-36415
Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35307 – Argument Injection Leading to Remote Code Execution in Realtime Graph Extension
https://notcve.org/view.php?id=CVE-2024-35307
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36971 – Android Kernel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-36971
Android contains an unspecified vulnerability in the kernel that allows for remote code execution. • https://git.kernel.org/stable/c/a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13 https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72 https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6 https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4 https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508 https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5725 – Centreon initCurveList SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5725
Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. • https://www.zerodayinitiative.com/advisories/ZDI-24-597 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •