CVSS: 8.8EPSS: %CPEs: -EXPL: 0CVE-2024-33220
https://notcve.org/view.php?id=CVE-2024-33220
An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33220 •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-33219
https://notcve.org/view.php?id=CVE-2024-33219
An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33219 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-33218
https://notcve.org/view.php?id=CVE-2024-33218
An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33218 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5157
https://notcve.org/view.php?id=CVE-2024-5157
Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. • https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html https://issues.chromium.org/issues/336012573 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF • CWE-416: Use After Free •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5196 – Arris VAP2500 tools_command.php command injection
https://notcve.org/view.php?id=CVE-2024-5196
A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-tools_command.php.pdf https://vuldb.com/? • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •