CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-30072 – Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30072
11 Jun 2024 — Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en el análisis del archivo de registro de seguimiento de eventos de Microsoft • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30072 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37295 – Aimeos Core remote code execution in web server context
https://notcve.org/view.php?id=CVE-2024-37295
11 Jun 2024 — Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. • https://github.com/aimeos/aimeos-core/security/advisories/GHSA-rhc2-23c2-ww7c • CWE-73: External Control of File Name or Path •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 1CVE-2024-21754
https://notcve.org/view.php?id=CVE-2024-21754
11 Jun 2024 — A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. Un uso de hash de contraseña con vulnerabilidad de esfuerzo computacional insuficiente [CWE-916] que afecta a FortiOS versión 7.4.3 e ... • https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-23111
https://notcve.org/view.php?id=CVE-2024-23111
11 Jun 2024 — An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-471 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-28023
https://notcve.org/view.php?id=CVE-2024-28023
11 Jun 2024 — A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-259: Use of Hard-coded Password •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2011
https://notcve.org/view.php?id=CVE-2024-2011
11 Jun 2024 — A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy Existe una vulnerabilidad de desbordamiento de búfer basada en montón en FOXMAN-UN/UNEM que, si se explota, generalmente conducirá a una denegación de servicio, pero puede usarse para ejecutar código arbitrario, lo que generalmente está fue... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5701 – Gentoo Linux Security Advisory 202408-02
https://notcve.org/view.php?id=CVE-2024-5701
11 Jun 2024 — Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. ... If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitra... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1890909%2C1891422%2C1893915%2C1894047%2C1896024 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5699 – Gentoo Linux Security Advisory 202408-02
https://notcve.org/view.php?id=CVE-2024-5699
11 Jun 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1891349 • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-5698 – Gentoo Linux Security Advisory 202408-02
https://notcve.org/view.php?id=CVE-2024-5698
11 Jun 2024 — Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1828259 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-5697 – Gentoo Linux Security Advisory 202408-02
https://notcve.org/view.php?id=CVE-2024-5697
11 Jun 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1414937 •