CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3652 – IKEv1 default AH/ESP responder can cause libreswan to abort and restart
https://notcve.org/view.php?id=CVE-2024-3652
No remote code execution is possible. • https://github.com/bigb0x/CVE-2024-36527 http://www.openwall.com/lists/oss-security/2024/04/18/2 https://libreswan.org/security/CVE-2024-3652 https://access.redhat.com/security/cve/CVE-2024-3652 https://bugzilla.redhat.com/show_bug.cgi?id=2274448 • CWE-404: Improper Resource Shutdown or Release CWE-617: Reachable Assertion •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-30885
https://notcve.org/view.php?id=CVE-2024-30885
Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component . • https://github.com/Hebing123/cve/issues/29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-30884
https://notcve.org/view.php?id=CVE-2024-30884
version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. • https://github.com/Hebing123/cve/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-25376
https://notcve.org/view.php?id=CVE-2024-25376
KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. • https://github.com/ewilded/CVE-2024-25376-POC https://www.thesycon.de/eng/usb_audiodriver.shtml#SecurityAdvisory • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-30878
https://notcve.org/view.php?id=CVE-2024-30878
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. • https://github.com/jianyan74/rageframe2/issues/111 • CWE-94: Improper Control of Generation of Code ('Code Injection') •