CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47845 – CSS sanitizer used incorrectly, and is easily bypassed
https://notcve.org/view.php?id=CVE-2024-47845
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. • https://gerrit.wikimedia.org/r/q/I6f38f4a8fc1dcd690ab27b8f18ce6ca903bacc53 https://phabricator.wikimedia.org/T368594 https://phabricator.wikimedia.org/T368628 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38039 – BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS.
https://notcve.org/view.php?id=CVE-2024-38039
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42415
https://notcve.org/view.php?id=CVE-2024-42415
This can lead to arbitrary code execution. • https://gitlab.gnome.org/GNOME/libgsf/-/issues/34 https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36474
https://notcve.org/view.php?id=CVE-2024-36474
This can lead to arbitrary code execution. • https://gitlab.gnome.org/GNOME/libgsf/-/issues/34 https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47561 – Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
https://notcve.org/view.php?id=CVE-2024-47561
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue. El análisis de esquemas en el SDK de Java de Apache Avro 1.11.3 y versiones anteriores permite que actores maliciosos ejecuten código arbitrario. Se recomienda a los usuarios actualizar a la versión 1.11.4 o 1.12.0, que solucionan este problema. A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. • https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x https://access.redhat.com/security/cve/CVE-2024-47561 https://bugzilla.redhat.com/show_bug.cgi?id=2316116 • CWE-502: Deserialization of Untrusted Data •