CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2023-49907
https://notcve.org/view.php?id=CVE-2023-49907
A specially crafted series of HTTP requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2023-49906
https://notcve.org/view.php?id=CVE-2023-49906
A specially crafted series of HTTP requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2224 – Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-11466)
https://notcve.org/view.php?id=CVE-2024-2224
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. • https://github.com/SeanPesce/CVE-2024-22243 https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2024-29988 – Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-29988
SmartScreen Prompt Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la función de seguridad de solicitud de SmartScreen This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://github.com/Sploitus/CVE-2024-29988-exploit https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-26158 – Microsoft Install Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-26158
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •