CVE-2024-31974
https://notcve.org/view.php?id=CVE-2024-31974
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions). La aplicación com.solarized.firedown (también conocida como Solarized FireDown Browser & Downloader) versión 1.0.76 para Android permite a un atacante remoto ejecutar código JavaScript arbitrario mediante una intención diseñada. com.solarized.firedown.IntentActivity utiliza un componente WebView para mostrar contenido web y no sanitiza adecuadamente el URI ni ningún dato adicional pasado en el intent por ninguna aplicación instalada (sin permisos). • https://github.com/actuator/com.solarized.firedown https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-22429
https://notcve.org/view.php?id=CVE-2024-22429
A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020 • CWE-20: Improper Input Validation •
CVE-2024-23522 – WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-23522
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7. neutralización incorrecta de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Strategy11 Form Builder Team Formidable Forms permite la inyección de código. Este problema afecta a Formidable Forms: desde n/a hasta 6.7. • https://patchstack.com/database/vulnerability/formidable/wordpress-formidable-forms-plugin-6-7-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-1417 – Local Code Injection Vulnerability in AuthPoint Password Manager App for macOS Safari
https://notcve.org/view.php?id=CVE-2024-1417
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en WatchGuard AuthPoint Password Manager en MacOS permite a un adversario con acceso local ejecutar código en el contexto de la aplicación AuthPoint Password Manager. Este problema afecta a AuthPoint Password Manager para versiones de MacOS anteriores a la 1.0.6. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-48643
https://notcve.org/view.php?id=CVE-2023-48643
Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. • https://github.com/takeshixx/tac_plus-pre-auth-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •