CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53554
https://notcve.org/view.php?id=CVE-2024-53554
25 Nov 2024 — A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. • https://drive.google.com/file/d/1v2MLZn4Ro9TCpw-KtksUACYFIzsbuTkL/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50672
https://notcve.org/view.php?id=CVE-2024-50672
25 Nov 2024 — Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application. • https://github.com/adaptlearning/adapt_authoring • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-53915 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53915
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-53909 – Veritas Enterprise Vault MonitoringMiddleTier Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53909
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-53910 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53910
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-53911 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53911
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-53912 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53912
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-53913 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53913
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-53914 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53914
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8805 – BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8805
22 Nov 2024 — BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. ... An attacker can leverage this vulnerability to execute code in the context of the current user. An attacker can leverag... • https://www.zerodayinitiative.com/advisories/ZDI-24-1229 • CWE-284: Improper Access Control •