CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2024-2874 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-2874
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 16.10.6, la versión 16.11 anterior a 16.11.3 y la 17.0 anterior a 17.0.1. Un ejecutor registrado con una descripción manipulada tiene el potencial de interrumpir la carga de recursos web de GitLab específicos. • https://github.com/chebuya/CVE-2024-28741-northstar-agent-rce-poc https://gitlab.com/gitlab-org/gitlab/-/issues/451911 https://hackerone.com/reports/2426166 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-5227 – TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5227
TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. ... An attacker can leverage this vulnerability to execute code in the context of root. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-499 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-5244 – TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability
https://notcve.org/view.php?id=CVE-2024-5244
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-503 • CWE-656: Reliance on Security Through Obscurity •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-5242 – TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5242
TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. ... An attacker can leverage this vulnerability to execute code in the context of root. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-501 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-5243 – TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5243
TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. ... An attacker can leverage this vulnerability to execute code in the context of root. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-502 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •