CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43480 – Azure Service Fabric for Linux Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43480
Azure Service Fabric for Linux Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43480 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-38261 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38261
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38261 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow CWE-126: Buffer Over-read •
CVSS: 7.2EPSS: 4%CPEs: -EXPL: 0CVE-2024-9380 – Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-9380
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8422 – Schneider Electric Zelio Soft 2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8422
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric Zelio Soft 2. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-06.pdf • CWE-416: Use After Free •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-47553
https://notcve.org/view.php?id=CVE-2024-47553
The affected application does not properly validate user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS. • https://cert-portal.siemens.com/productcert/html/ssa-430425.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •