CVE-2024-53914 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53914
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data
CVE-2024-8805 – BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8805
22 Nov 2024 — BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. ... An attacker can leverage this vulnerability to execute code in the context of the current user. An attacker can ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1229 • CWE-284: Improper Access Control
CVE-2024-9942 – WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9942
22 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-38117 – Possible Remote Code Execution Vulnerability OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38117
22 Nov 2024 — Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-37041 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-37041
22 Nov 2024 — If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. • https://www.qnap.com/en/security-advisory/qsa-24-43 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-122: Heap-based Buffer Overflow
CVE-2024-37044 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-37044
22 Nov 2024 — If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. • https://www.qnap.com/en/security-advisory/qsa-24-43 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-121: Stack-based Buffer Overflow
CVE-2024-37047 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-37047
22 Nov 2024 — If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. • https://www.qnap.com/en/security-advisory/qsa-24-43 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-121: Stack-based Buffer Overflow
CVE-2024-37049 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-37049
22 Nov 2024 — If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. • https://www.qnap.com/en/security-advisory/qsa-24-43 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-121: Stack-based Buffer Overflow
CVE-2024-37050 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-37050
22 Nov 2024 — If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. • https://www.qnap.com/en/security-advisory/qsa-24-43 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-121: Stack-based Buffer Overflow
CVE-2024-41779 – IBM Engineering Systems Design Rhapsody - Model Manager
https://notcve.org/view.php?id=CVE-2024-41779
22 Nov 2024 — IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. • https://www.ibm.com/support/pages/node/7172535 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition