CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33511
https://notcve.org/view.php?id=CVE-2024-33511
There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-26305
https://notcve.org/view.php?id=CVE-2024-26305
There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 2CVE-2024-26304
https://notcve.org/view.php?id=CVE-2024-26304
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits https://github.com/X-Projetion/CVE-2024-26304-RCE-exploit https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4405 – Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4405
Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-24-418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-46295
https://notcve.org/view.php?id=CVE-2023-46295
Unauthenticated remote code execution can occur in the web server. • https://gitlab.com/loudmouth-security/vulnerability-disclosures/cve-2023-46295 • CWE-918: Server-Side Request Forgery (SSRF) •