CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5040 – LCDS LAquis SCADA Path Traversal
https://notcve.org/view.php?id=CVE-2024-5040
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. ... An attacker can leverage this vulnerability to execute code in the context of the logged-in user. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-34274
https://notcve.org/view.php?id=CVE-2024-34274
The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbitrary code on the system. • https://github.com/OpenBD/openbd-core/issues/89 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-25724
https://notcve.org/view.php?id=CVE-2024-25724
In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file. • https://community.rti.com/static/documentation/connext-dds/current/doc/vulnerabilities/index.html#cve-2024-25724 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 4CVE-2024-22274
https://notcve.org/view.php?id=CVE-2024-22274
The vCenter Server contains an authenticated remote code execution vulnerability. • https://github.com/mbadanoiu/CVE-2024-22274 https://github.com/l0n3m4n/CVE-2024-22274-RCE https://github.com/ninhpn1337/CVE-2024-22274 https://github.com/Mustafa1986/CVE-2024-22274-RCE https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-27127 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-27127
If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later Se ha informado que una vulnerabilidad double free afecta a varias versiones del sistema operativo QNAP. • https://www.qnap.com/en/security-advisory/qsa-24-23 • CWE-415: Double Free •