CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-39202
https://notcve.org/view.php?id=CVE-2024-39202
08 Jul 2024 — D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. Se descubrió que el firmware D-Link DIR-823X - 240126 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del parámetro dhcpd_startip en /goform/set_lan_settings. • https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-34361 – Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-34361
05 Jul 2024 — Depending on some circumstances, the vulnerability could lead to remote command execution. • https://github.com/T0X1Cx/CVE-2024-34361-PiHole-SSRF-to-RCE • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38346 – Apache CloudStack: Unauthenticated cluster service port leads to remote execution
https://notcve.org/view.php?id=CVE-2024-38346
05 Jul 2024 — Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user. An attacker that can reach the cluster service on the unauthenticated port (default 9090), can exploit this to perform remo... • http://www.openwall.com/lists/oss-security/2024/07/05/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39864 – Apache CloudStack: Integration API service uses dynamic port when disabled
https://notcve.org/view.php?id=CVE-2024-39864
05 Jul 2024 — An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure. An attacker that can access the CloudStack management network could scan and find the randomised integration API serv... • http://www.openwall.com/lists/oss-security/2024/07/05/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization •
CVSS: 10.0EPSS: 0%CPEs: 38EXPL: 1CVE-2024-6298 – remote code execution
https://notcve.org/view.php?id=CVE-2024-6298
05 Jul 2024 — Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01. ... Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely ABB Cylon Aspect versio... • https://packetstorm.news/files/id/181803 • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39485 – media: v4l: async: Properly re-initialise notifier entry in unregister
https://notcve.org/view.php?id=CVE-2024-39485
05 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/b8ec754ae4c563f6aab8c0cb47aeb2eae67f1da3 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39483 – KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
https://notcve.org/view.php?id=CVE-2024-39483
05 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/fa4c027a7956f5e07697bfcb580d25eeb8471257 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-39482 – bcache: fix variable length array abuse in btree_iter
https://notcve.org/view.php?id=CVE-2024-39482
05 Jul 2024 — A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. • https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-39481 – media: mc: Fix graph walk in media_pipeline_start
https://notcve.org/view.php?id=CVE-2024-39481
05 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/ae219872834a32da88408a92a4b4745c11f5a7ce •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39480 – kdb: Fix buffer overflow during tab-complete
https://notcve.org/view.php?id=CVE-2024-39480
05 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/fb824a99e148ff272a53d71d84122728b5f00992 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •