
CVSS: - • EPSS: % • CPEs: - • EXPL: 0

Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload. • https://gist.github.com/cgnl/672ace3cbad1116fcd9ae633e54ea9f8 •

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

When running a remote execution job on a host, the host's SSH key is not being checked. ... This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker's ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the Satellite, although it can leak secrets that may lead to it. • https://access.redhat.com/security/cve/CVE-2024-4871 https://bugzilla.redhat.com/show_bug.cgi?id=2278627 https://access.redhat.com/errata/RHBA-2024:4589 • CWE-322: Key Exchange without Entity Authentication •

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. • https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-787: Out-of-bounds Write •

CVSS: 7.1 • EPSS: 0% • CPEs: - • EXPL: 0

An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the hgfsVMCI_fileread function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1 • EPSS: 0% • CPEs: - • EXPL: 0

An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the UrbBuf_getDataBuf function. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •