
CVSS: 2.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. • https://www.dell.com/support/kbdoc/en-us/000224843/dsa-2024-083-security-update-for-dell-powerprotect-data-manager-appliance-for-multiple-vulnerabilities • CWE-502: Deserialization of Untrusted Data

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 1

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. • https://github.com/LOURC0D3/CVE-2024-24787-PoC http://www.openwall.com/lists/oss-security/2024/05/08/3 https://go.dev/cl/583815 https://go.dev/issue/67119 https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 https://pkg.go.dev/vuln/GO-2024-2825 https://security.netapp.com/advisory/ntap-20240531-0006

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower-privileged users, such as contributors, to edit this data via the UI. As a result, they can escalate their privileges or execute arbitrary code. • https://breakdance.com/breakdance-1-7-2-now-available-security-update https://www.wordfence.com/threat-intel/vulnerabilities/id/095b23b7-71ab-41eb-b666-73df2e1a7eb4?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine. Impact: Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11; Second Chance Client versions 2.0.0-2.0.9; PIQ Client versions 1.0.0-1.0.15. Remediation: Automated updates will be pushed to address this issue. • https://support.knowbe4.com/hc/en-us/articles/28959755127955-CVE-2024-29209 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. • https://github.com/basecamp/trix/commit/1a5c68a14d48421fc368e30026f4a7918028b7ad https://github.com/basecamp/trix/commit/841ff19b53f349915100bca8fcb488214ff93554 https://github.com/basecamp/trix/pull/1147 https://github.com/basecamp/trix/pull/1149 https://github.com/basecamp/trix/releases/tag/v2.1.1 https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')