CVE-2024-33394
https://notcve.org/view.php?id=CVE-2024-33394
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. • https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-25290
https://notcve.org/view.php?id=CVE-2024-25290
An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function. • https://cybercx.com.au/blog/zero-day-remote-code-execution-in-netcomm-nl1901acv-vdsl-modem • CWE-20: Improper Input Validation
CVE-2024-32359
https://notcve.org/view.php?id=CVE-2024-32359
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster. • http://carina.com https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906 https://github.com/HouqiyuA/k8s-rbac-poc https://github.com/carina-io/carina • CWE-285: Improper Authorization
CVE-2024-33396
https://notcve.org/view.php?id=CVE-2024-33396
An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. • https://gist.github.com/HouqiyuA/2b56a893c06553013982836abb77ba50 • CWE-284: Improper Access Control
CVE-2023-49606
https://notcve.org/view.php?id=CVE-2023-49606
A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. • https://github.com/d0rb/CVE-2023-49606 http://www.openwall.com/lists/oss-security/2024/05/07/1 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889 • CWE-416: Use After Free