
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. • https://blog.slonser.info/posts/mysql2-attacker-configuration https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21 https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805 https://github.com/sidorares/node-mysql2/pull/2572 https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4 https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

No remote code execution is possible. • https://github.com/bigb0x/CVE-2024-36527 http://www.openwall.com/lists/oss-security/2024/04/18/2 https://libreswan.org/security/CVE-2024-3652 https://access.redhat.com/security/cve/CVE-2024-3652 https://bugzilla.redhat.com/show_bug.cgi?id=2274448 • CWE-404: Improper Resource Shutdown or Release • CWE-617: Reachable Assertion •

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3 allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component. • https://github.com/Hebing123/cve/issues/29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1 • EPSS: 0% • CPEs: - • EXPL: 0

version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. • https://github.com/Hebing123/cve/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 1

KG TUSBAudio MSI-based installers before 5.68.0 allow a local attacker to execute arbitrary code via the msiexec.exe repair mode. • https://github.com/ewilded/CVE-2024-25376-POC https://www.thesycon.de/eng/usb_audiodriver.shtml#SecurityAdvisory • CWE-94: Improper Control of Generation of Code ('Code Injection') •