CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39176 – Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-39176
10 Jun 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. • https://access.redhat.com/security/cve/CVE-2023-39176 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36528
https://notcve.org/view.php?id=CVE-2024-36528
10 Jun 2024 — nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php. • https://mat4mee.notion.site/2-bug-chains-in-nukeViet-lead-to-RCE-bdd42b20b05a448fbe87c752b41bb15f • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4458 – Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-4458
10 Jun 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. • https://access.redhat.com/security/cve/CVE-2023-4458 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36531
https://notcve.org/view.php?id=CVE-2024-36531
10 Jun 2024 — nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. • https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5723 – Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5723
10 Jun 2024 — Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. An attacker can lever... • https://www.zerodayinitiative.com/advisories/ZDI-24-595 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5725 – Centreon initCurveList SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5725
10 Jun 2024 — Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. An attacker can leverage ... • https://www.zerodayinitiative.com/advisories/ZDI-24-597 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 95%CPEs: 5EXPL: 66CVE-2024-4577 – PHP-CGI OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-4577
09 Jun 2024 — .* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. PHP CGI module may misinterpret those characters as... • https://github.com/l0n3m4n/CVE-2024-4577-RCE • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45188 – IBM Engineering Lifecycle Optimization Publishing file upload
https://notcve.org/view.php?id=CVE-2023-45188
09 Jun 2024 — IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268751 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 2CVE-2024-37569
https://notcve.org/view.php?id=CVE-2024-37569
09 Jun 2024 — Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter. • https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45707 – HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45707
08 Jun 2024 — HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •