
CVE-2024-39864 – Apache CloudStack: Integration API service uses dynamic port when disabled
https://notcve.org/view.php?id=CVE-2024-39864
05 Jul 2024 — The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via the integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled, and it is considered disabled when integration.api.port is set to 0 or a negative value. Due to improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default va... • http://www.openwall.com/lists/oss-security/2024/07/05/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization

CVE-2024-6507 – Deep Lake Kaggle command injection
https://notcve.org/view.php?id=CVE-2024-6507
04 Jul 2024 — Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API. • https://github.com/activeloopai/deeplake/pull/2876 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-37934 – WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37934
04 Jul 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4. • https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-4-subscriber-arbitrary-shortcode-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization

CVE-2024-39932
https://notcve.org/view.php?id=CVE-2024-39932
04 Jul 2024 — Gogs through 0.13.0 allows argument injection during the previewing of changes. • https://github.com/gogs/gogs/releases • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-39165
https://notcve.org/view.php?id=CVE-2024-39165
04 Jul 2024 — QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder is shipped with the product. • https://www.synacktiv.com/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-32498 – OpenStack: malicious qcow2/vmdk images
https://notcve.org/view.php?id=CVE-2024-32498
03 Jul 2024 — This bypasses isolation restrictions, significantly reducing the security of an affected compute host, and could enable arbitrary code execution, a denial of service, or leaking of secrets. • https://launchpad.net/bugs/2059809 • CWE-400: Uncontrolled Resource Consumption CWE-552: Files or Directories Accessible to External Parties

CVE-2024-39844 – Debian Security Advisory 5725-1
https://notcve.org/view.php?id=CVE-2024-39844
03 Jul 2024 — In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. Johannes Kuhn discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server. • https://github.com/ph1ns/CVE-2024-39844 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-38519 – yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
https://notcve.org/view.php?id=CVE-2024-38519
02 Jul 2024 — Multiple vulnerabilities have been found in yt-dlp, the worst of which could result in arbitrary code execution. • https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq • CWE-669: Incorrect Resource Transfer Between Spheres

CVE-2024-37077 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-37077
02 Jul 2024 — In OpenHarmony v4.0.0 and prior versions, a remote attacker can achieve arbitrary code execution in pre-installed apps through an out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md • CWE-787: Out-of-bounds Write

CVE-2024-37185 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-37185
02 Jul 2024 — In OpenHarmony v4.0.0 and prior versions, a remote attacker can achieve arbitrary code execution in pre-installed apps through an out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md • CWE-787: Out-of-bounds Write