CVE-2024-0401 – ASUS OVPN RCE
https://notcve.org/view.php?id=CVE-2024-0401
ASUS routers supporting custom OpenVPN profiles are affected by a code execution vulnerability. An authenticated remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. • https://vulncheck.com/advisories/asus-ovpn-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4323 – Fluent Bit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2024-4323
This issue lies in the embedded HTTP server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution. • https://github.com/d0rb/CVE-2024-4323 https://github.com/skilfoy/CVE-2024-4323-Exploit-POC https://github.com/yuansec/CVE-2024-4323-dos_poc https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04 https://tenable.com/security/research/tra-2024-17 • CWE-122: Heap-based Buffer Overflow
CVE-2024-34792 – WordPress Dextaz Ping plugin <= 0.65 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-34792
The Dextaz Ping plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.65. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/dextaz-ping/wordpress-dextaz-ping-plugin-0-65-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-35880 – io_uring/kbuf: hold io_buffer_list reference over mmap
https://notcve.org/view.php?id=CVE-2024-35880
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the io_uring buffer list. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/09f7520048eaaee9709091cd2787966f807da7c5 https://git.kernel.org/stable/c/5cf4f52e6d8aa2d3b7728f568abbf9d42a3af252 https://git.kernel.org/stable/c/65938e81df2197203bda4b9a0c477e7987218d66 https://git.kernel.org/stable/c/5fd8e2359498043e0b5329a05f02d10a9eb91eb9 https://git.kernel.org/stable/c/561e4f9451d65fc2f7eef564e0064373e3019793
CVE-2024-31879 – IBM i denial of service
https://notcve.org/view.php?id=CVE-2024-31879
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287539 https://www.ibm.com/support/pages/node/7154380 • CWE-502: Deserialization of Untrusted Data