CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50323 – Ivanti Endpoint Manager TestAllowedSQL SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50323
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50322 – Ivanti Endpoint Manager OnSaveToDB Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50322
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-2315 – SMM arbitrary code execution in Overclock
https://notcve.org/view.php?id=CVE-2024-2315
APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf • CWE-284: Improper Access Control •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33658 – Buffer Overflow Vulnerability In OFBD
https://notcve.org/view.php?id=CVE-2024-33658
Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-11130 – ZZCMS msg.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11130
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. • https://github.com/En0t5/vul/blob/main/zzcms-msg-xss.md https://vuldb.com/?ctiid.283976 https://vuldb.com/?id.283976 https://vuldb.com/?submit.439699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •