CVE-2024-39906 – Remote code execution in Haven IndieAuthClient (GHSL-2024-093)
https://notcve.org/view.php?id=CVE-2024-39906
This issue may lead to Remote Code Execution (RCE) and has been addressed by commit `c52f07c`. • https://github.com/havenweb/haven/commit/c52f07c https://github.com/havenweb/haven/security/advisories/GHSA-65cm-7g24-hm9f • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-40724
https://notcve.org/view.php?id=CVE-2024-40724
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product. • https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97 https://github.com/assimp/assimp/releases/tag/v5.4.2 https://jvn.jp/en/jp/JVN87710540
CVE-2024-40400
https://notcve.org/view.php?id=CVE-2024-40400
An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. • https://github.com/marcantondahmen/automad/issues/106 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-39962
https://notcve.org/view.php?id=CVE-2024-39962
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. • https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-41599
https://notcve.org/view.php?id=CVE-2024-41599
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method. • https://github.com/topsky979/Security-Collections/tree/main/CVE-2024-41599