CVE-2024-32465 – Git's protections for cloning untrusted repositories can be bypassed
https://notcve.org/view.php?id=CVE-2024-32465
If the victim were to clone this repository, it could result in arbitrary code execution. • http://www.openwall.com/lists/oss-security/2024/05/14/2 https://git-scm.com/docs/git#_security https://git-scm.com/docs/git-clone https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR https://access.redhat.com/security • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-32352
https://notcve.org/view.php?id=CVE-2024-32352
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. Se descubrió que TOTOLINK X5000R V9.1.0cu.2350_B20230313 contiene una vulnerabilidad de ejecución remota de comandos (RCE) autenticada a través del parámetro "ipsecL2tpEnable" en el binario "cstecgi.cgi". • https://github.com/1s1and123/Vulnerabilities/blob/main/device/ToToLink/X5000R/TOTOLink_X5000R_RCE.md https://www.totolink.net • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-32350
https://notcve.org/view.php?id=CVE-2024-32350
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary. Se descubrió que TOTOLINK X5000R V9.1.0cu.2350_B20230313 contiene una vulnerabilidad de ejecución remota de comandos (RCE) autenticada a través del parámetro "ipsecPsk" en el binario "cstecgi.cgi". • https://github.com/1s1and123/Vulnerabilities/blob/main/device/ToToLink/X5000R/TOTOLink_X5000R_RCE.md https://www.totolink.net • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-34225
https://notcve.org/view.php?id=CVE-2024-34225
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. Vulnerabilidad de Cross Site Scripting en php-lms/admin/?page=system_info en Computer Laboratory Management System que utiliza PHP y MySQL 1.0 permite a atacantes remotos inyectar script web o HTML de su elección mediante los parámetros de nombre y nombre corto. • https://github.com/dovankha/CVE-2024-34225 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-31954
https://notcve.org/view.php?id=CVE-2024-31954
Because it is possible to tamper with the directory and DLL files used during the installation process, an attacker can escalate privileges through arbitrary code execution. • https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31954 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •