CVE-2024-22274
https://notcve.org/view.php?id=CVE-2024-22274
The vCenter Server contains an authenticated remote code execution vulnerability. • https://github.com/mbadanoiu/CVE-2024-22274 https://github.com/l0n3m4n/CVE-2024-22274-RCE https://github.com/ninhpn1337/CVE-2024-22274 https://github.com/Mustafa1986/CVE-2024-22274-RCE https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-27127 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-27127
If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later; QuTS hero h5.1.7.2770 build 20240520 and later. A double free vulnerability has been reported to affect several QNAP operating system versions. • https://www.qnap.com/en/security-advisory/qsa-24-23 • CWE-415: Double Free •
CVE-2023-52755 – ksmbd: fix slab out of bounds write in smb_inherit_dacl()
https://notcve.org/view.php?id=CVE-2023-52755
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to execute code in the context of the kernel. • https://git.kernel.org/stable/c/aaf0a07d60887d6c36fc46a24de0083744f07819 https://git.kernel.org/stable/c/8387c94d73ec66eb597c7a23a8d9eadf64bfbafa https://git.kernel.org/stable/c/09d9d8b40a3338193619c14ed4dc040f4f119e70 https://git.kernel.org/stable/c/712e01f32e577e7e48ab0adb5fe550646a3d93cb https://git.kernel.org/stable/c/eebff19acaa35820cb09ce2ccb3d21bee2156ffb • CWE-787: Out-of-bounds Write •
CVE-2024-33529
https://notcve.org/view.php?id=CVE-2024-33529
ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types. • baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170040 https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1 •
CVE-2024-33528
https://notcve.org/view.php?id=CVE-2024-33528
A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload. • baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170029 https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •