CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 4CVE-2024-2961 – glibc: Out of bounds write in iconv may lead to remote code execution
https://notcve.org/view.php?id=CVE-2024-2961
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad. • https://github.com/rvizx/CVE-2024-2961 https://github.com/tnishiox/cve-2024-2961 https://github.com/absolutedesignltd/iconvfix https://github.com/mattaperkins/FIX-CVE-2024-2961 http://www.openwall.com/lists/oss-security/2024/04/17/9 http://www.openwall.com/lists/oss-security/2024/04/18/4 http://www.openwall.com/lists/oss-security/2024/04/24/2 http://www.openwall.com/lists/oss-security/2024/05/27/1 http://www.openwall.com/lists/oss-security/2024/05/2 • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28073 – SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-28073
SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. ... Se descubrió que SolarWinds Serv-U era susceptible a una vulnerabilidad de Directory Traversal Remote Code. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28073 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5406
https://notcve.org/view.php?id=CVE-2023-5406
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. • https://process.honeywell.com • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5404
https://notcve.org/view.php?id=CVE-2023-5404
Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. • https://process.honeywell.com • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5403
https://notcve.org/view.php?id=CVE-2023-5403
Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-121: Stack-based Buffer Overflow •