CVE-2024-31822
https://notcve.org/view.php?id=CVE-2024-31822
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. • https://gist.github.com/LioTree/f83e25b2c5e144c0b3ad8919e6483c7a https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d22b54e8915f167a135046ceb857caaf8479c4da https://liotree.github.io/2023/Ecommerce-CodeIgniter-Bootstrap.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-32491
https://notcve.org/view.php?id=CVE-2024-32491
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server. • https://www.znuny.org/en/advisories/zsa-2024-01 https://znuny.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-32492
https://notcve.org/view.php?id=CVE-2024-32492
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript. • https://www.znuny.org/en/advisories/zsa-2024-02 https://znuny.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-32878 – Use of Uninitialized Variable Vulnerability in llama.cpp
https://notcve.org/view.php?id=CVE-2024-32878
Causes llama.cpp to crash (DoS) and may even lead to arbitrary code execution (RCE). • https://github.com/ggerganov/llama.cpp/releases/tag/b2749 https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-p5mv-gjc5-mwqv • CWE-456: Missing Initialization of a Variable •
CVE-2024-32884 – gix-transport indirect code execution via malicious username
https://notcve.org/view.php?id=CVE-2024-32884
The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. • https://github.com/Byron/gitoxide/security/advisories/GHSA-98p4-xjmm-8mfh https://rustsec.org/advisories/RUSTSEC-2024-0335.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •