CVE-2024-30801
https://notcve.org/view.php?id=CVE-2024-30801
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. • http://cloud.com http://www.minipacs.com/ylqxrj https://github.com/WarmBrew/web_vul/blob/main/Cloud%20based%20customer%20service/SQLi.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29513
https://notcve.org/view.php?id=CVE-2024-29513
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates. • https://github.com/dru1d-foofus/briscKernelDriver • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-22910
https://notcve.org/view.php?id=CVE-2024-22910
Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload. • https://gist.github.com/cgnl/672ace3cbad1116fcd9ae633e54ea9f8
CVE-2024-4871 – Foreman: host ssh key not being checked in remote execution
https://notcve.org/view.php?id=CVE-2024-4871
When running a remote execution job on a host, the host's SSH key is not being checked. ... This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker's ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the Satellite, although it can leak secrets that may lead to it. • https://access.redhat.com/security/cve/CVE-2024-4871 https://bugzilla.redhat.com/show_bug.cgi?id=2278627 https://access.redhat.com/errata/RHBA-2024:4589 • CWE-322: Key Exchange without Entity Authentication
CVE-2024-1913
https://notcve.org/view.php?id=CVE-2024-1913
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. • https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-787: Out-of-bounds Write