CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36244 – net/sched: taprio: extend minimum interval restriction to entire cycle too
https://notcve.org/view.php?id=CVE-2024-36244
21 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-33619 – efi: libstub: only free priv.runtime_map when allocated
https://notcve.org/view.php?id=CVE-2024-33619
21 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/f80d26043af91ceb5036c478101c015edb9e7630 •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-31076 – genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
https://notcve.org/view.php?id=CVE-2024-31076
21 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-2003 – Local Privilege Escalation in Quarantine of ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-2003
21 Jun 2024 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/ca8674 • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23924 – Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23924
21 Jun 2024 — Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. ... An attacker can leverage this vulnerability to execute code in the context of root. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23105 This vulnerability allows... • https://www.zerodayinitiative.com/advisories/ZDI-24-846 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39350 – Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39350
21 Jun 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of user accounts. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39347 – Synology RT6600ax Improper Access Control Firewall Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-39347
21 Jun 2024 — This vulnerability allows remote attackers to bypass firewall rules and access the LAN interface on affected installations of Synology RT6600ax routers. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39352 – Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability
https://notcve.org/view.php?id=CVE-2024-39352
21 Jun 2024 — This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23957 – Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23957
21 Jun 2024 — Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. ... An attacker can leverage this vulnerability to execute code in the context of the device. An attacker can leverage this vulnerability to execute code
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23967 – Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23967
21 Jun 2024 — Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. ... An attacker can leverage this vulnerability to execute code in the context of the device. An attacker can leverage this vulnerability to execute code... • https://www.zerodayinitiative.com/advisories/ZDI-24-853 • CWE-121: Stack-based Buffer Overflow •