CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42394 – Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42394
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42395 – Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42395
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US • CWE-295: Improper Certificate Validation •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7502 – Delta Electronics DIAScreen Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-7502
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-219-01 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6200 – HaloITSM - Stored Cross-Site Scripting in Tickets
https://notcve.org/view.php?id=CVE-2024-6200
The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. • https://haloitsm.com/guides/article/?kbid=2152 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2024-6782 – Calibre Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6782
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. • https://github.com/Uno13x/CVE-2024-6782-PoC https://github.com/zangjiahe/CVE-2024-6782 https://github.com/jdpsl/CVE-2024-6782 https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9 https://starlabs.sg/advisories/24/24-6782 • CWE-863: Incorrect Authorization •