CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 2CVE-2024-4885 – WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4885
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerabilit... • https://packetstorm.news/files/id/179404 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4884 – WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4884
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerabilit... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-4883 – WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4883
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe. ... Esta vulnerabilidad permite que un atacante no autenticado obtenga RCE como cuenta de servicio a través de NmApi.exe. This vulnerability allows remote attackers to execute arbitrary code on ... • https://packetstorm.news/files/id/179405 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-5989 – Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5989
25 Jun 2024 — Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManage... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-5988 – Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5988
25 Jun 2024 — Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® T... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-39470 – eventfs: Fix a possible null pointer dereference in eventfs_find_events()
https://notcve.org/view.php?id=CVE-2024-39470
25 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/628adb842bd5e1c2c598534a7a022b8235289de6 •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-39467 – f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
https://notcve.org/view.php?id=CVE-2024-39467
25 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39466 – thermal/drivers/qcom/lmh: Check for SCM availability at probe
https://notcve.org/view.php?id=CVE-2024-39466
25 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/53bca371cdf7addc1e93e1b99285b3d3935685ec •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39465 – media: mgb4: Fix double debugfs remove
https://notcve.org/view.php?id=CVE-2024-39465
25 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0ab13674a9bd10514486cf1670d71dbd8afec421 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39464 – media: v4l: async: Fix notifier list entry init
https://notcve.org/view.php?id=CVE-2024-39464
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head. This results in a NULL-pointer dereference if csi2_async_register() fails, e.g. node for remote endpoint is disabled, and returns -ENOTCONN. node for remote endpoint is disabled, and returns -ENOTCON... • https://git.kernel.org/stable/c/b8ec754ae4c563f6aab8c0cb47aeb2eae67f1da3 •