CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10979 – PostgreSQL PL/Perl environment variable changes execute arbitrary code
https://notcve.org/view.php?id=CVE-2024-10979
That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. • https://www.postgresql.org/support/security/CVE-2024-10979 • CWE-15: External Control of System or Configuration Setting •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5082 – Nexus Repository 2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-5082
A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. • https://support.sonatype.com/hc/en-us/articles/30694125380755 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36488 – Intel Driver & Support Assistant Log Folder Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36488
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Intel Driver & Support Assistant service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01200.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43091
https://notcve.org/view.php?id=CVE-2024-43091
This could lead to remote code execution with no additional execution privileges needed. • https://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10 https://source.android.com/security/bulletin/2024-11-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49379 – Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in Umbrel
https://notcve.org/view.php?id=CVE-2024-49379
Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed to the redirect parameter the attacker provided JavaScript will be executed after the user entered their password and clicked on login. This vulnerability is fixed in 1.2.2. • https://github.com/getumbrel/umbrel/commit/b83e3542650880bf1439419d00bf82285a7d2b22 https://github.com/getumbrel/umbrel/releases/tag/1.2.2 https://securitylab.github.com/advisories/GHSL-2024-164_Umbrel • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •