CVE-2024-45507 – Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
https://notcve.org/view.php?id=CVE-2024-45507
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. • https://issues.apache.org/jira/browse/OFBIZ-13132 https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-34660
https://notcve.org/view.php?id=CVE-2024-34660
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVE-2024-34657
https://notcve.org/view.php?id=CVE-2024-34657
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVE-2024-34656
https://notcve.org/view.php?id=CVE-2024-34656
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVE-2024-44808
https://notcve.org/view.php?id=CVE-2024-44808
An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. • https://github.com/Vypor/Vypors-Attack-API-System https://jacobmasse.medium.com/cve-2024-44808-remote-command-execution-in-vypor-ddos-attack-api-1ed073725595 • CWE-20: Improper Input Validation •