CVE-2024-6873 – Specially crafted request could cause undefined behaviour which may lead to Remote Code Execution.
https://notcve.org/view.php?id=CVE-2024-6873
This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited. Fixes have been merged to all currently supported versions of ClickHouse. • https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-432f-r822-j66f • CWE-122: Heap-based Buffer Overflow •
CVE-2024-41961 – Elektra vulnerable to remote code execution in universal search
https://notcve.org/view.php?id=CVE-2024-41961
Elektra is an opinionated OpenStack Dashboard for Operators and Consumers of OpenStack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails-based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink that executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02. • https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02 https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-38481
https://notcve.org/view.php?id=CVE-2024-38481
A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-125: Out-of-bounds Read •
CVE-2024-38490
https://notcve.org/view.php?id=CVE-2024-38490
A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2024-38489
https://notcve.org/view.php?id=CVE-2024-38489
A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •