CVE-2024-37885 – Code injection in Nextcloud Desktop Client for macOS
https://notcve.org/view.php?id=CVE-2024-37885
A code injection vulnerability in Nextcloud Desktop Client for macOS allowed arbitrary code to be loaded when the client was started with DYLD_INSERT_LIBRARIES set in the environment. • https://github.com/nextcloud/desktop/pull/6378 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4mf7-v63m-99p7 https://hackerone.com/reports/2307625 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-5671
https://notcve.org/view.php?id=CVE-2024-5671
Insecure deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to execute arbitrary code and gain access to the vulnerable Trellix IPS Manager. • https://thrive.trellix.com/s/article/000013623 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-36598 – AEGON LIFE 1.0 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-36598
An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code by uploading a crafted image file. AEGON LIFE version 1.0 suffers from an unauthenticated remote code execution vulnerability. • https://github.com/keruenn/PoC-CVE-2024-36598 https://github.com/kaliankhe/CVE-Aslam-mahi/blob/9ec0572c68bfd3708a7d6e089181024131f4e927/vendors/projectworlds.in/AEGON%20LIFE%20v1.0%20Life%20Insurance%20Management%20System/CVE-2024-36598 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-32925
https://notcve.org/view.php?id=CVE-2024-32925
In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-06-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-34109 – Adobe Commerce | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2024-34109
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-20: Improper Input Validation •