CVE-2023-52755 – ksmbd: fix slab out of bounds write in smb_inherit_dacl()
https://notcve.org/view.php?id=CVE-2023-52755
This vulnerability allows remote attackers to execute arbitrary code on affected installations of the Linux kernel. ... An attacker can leverage this vulnerability to execute code in the context of the kernel. • https://git.kernel.org/stable/c/aaf0a07d60887d6c36fc46a24de0083744f07819 https://git.kernel.org/stable/c/8387c94d73ec66eb597c7a23a8d9eadf64bfbafa https://git.kernel.org/stable/c/09d9d8b40a3338193619c14ed4dc040f4f119e70 https://git.kernel.org/stable/c/712e01f32e577e7e48ab0adb5fe550646a3d93cb https://git.kernel.org/stable/c/eebff19acaa35820cb09ce2ccb3d21bee2156ffb • CWE-787: Out-of-bounds Write •
CVE-2024-33529
https://notcve.org/view.php?id=CVE-2024-33529
ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types. • baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170040 https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1 •
CVE-2024-35060
https://notcve.org/view.php?id=CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands by supplying a crafted YAML file. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-45q4-h8rr-hgx2 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-35056
https://notcve.org/view.php?id=CVE-2024-35056
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-gpgj-xrgw-8mx2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-35058
https://notcve.org/view.php?id=CVE-2024-35058
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code by supplying a crafted string. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-4gxj-5mmr-7pxq • CWE-319: Cleartext Transmission of Sensitive Information •