CVE-2024-32878 – Use of Uninitialized Variable Vulnerability in llama.cpp
https://notcve.org/view.php?id=CVE-2024-32878
Causes llama.cpp to crash (DoS) and may even lead to arbitrary code execution (RCE). • https://github.com/ggerganov/llama.cpp/releases/tag/b2749 https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-p5mv-gjc5-mwqv • CWE-456: Missing Initialization of a Variable •
CVE-2024-32884 – gix-transport indirect code execution via malicious username
https://notcve.org/view.php?id=CVE-2024-32884
The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. • https://github.com/Byron/gitoxide/security/advisories/GHSA-98p4-xjmm-8mfh https://rustsec.org/advisories/RUSTSEC-2024-0335.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2024-22633
https://notcve.org/view.php?id=CVE-2024-22633
Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request. Se descubrió que el Setor Informatica Sistema Inteligente para Laboratorios (SIL) 388 contenía una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro hprinter. Esta vulnerabilidad se activa mediante una solicitud POST manipulada. • https://tomiodarim.io/posts/cve-2024-22632-3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-32404
https://notcve.org/view.php?id=CVE-2024-32404
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. La vulnerabilidad de inyección de plantilla del lado del servidor (SSTI) en inducer related anterior a v.2024.1 permite a atacantes remotos ejecutar código arbitrario a través de una carga útil manipulada para la función Markup Sandbox. • https://packetstormsecurity.com/2404-exploits/rlts-sstexec.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-32406
https://notcve.org/view.php?id=CVE-2024-32406
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. La vulnerabilidad de inyección de plantilla del lado del servidor (SSTI) en inducer relate anterior a v.2024.1 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado para la función de emisión de tickets de examen por lotes. • https://packetstormsecurity.com/files/178251/Relate-Learning-And-Teaching-System-SSTI-Remote-Code-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •