CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31864 – Apache Zeppelin: Remote code execution by adding malicious JDBC connection string
https://notcve.org/view.php?id=CVE-2024-31864
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/04/09/8 https://github.com/apache/zeppelin/pull/4709 https://lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb https://www.cve.org/CVERecord?id=CVE-2020-11974 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45590
https://notcve.org/view.php?id=CVE-2023-45590
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website Un control inadecuado de la generación de código ("inyección de código") en Fortinet FortiClientLinux versión 7.2.0, 7.0.6 a 7.0.10 y 7.0.3 a 7.0.4 permite a un atacante ejecutar código o comandos no autorizados engañando a un usuario de FortiClientLinux para que visitar un sitio web malicioso • https://fortiguard.com/psirt/FG-IR-23-087 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31807
https://notcve.org/view.php?id=CVE-2024-31807
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro hostTime en la función NTPSyncWithHost. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_2_NTPSyncWithHost/CI.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31022
https://notcve.org/view.php?id=CVE-2024-31022
An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component. Se descubrió un problema en CandyCMS versión 1.0.0 que permite a atacantes remotos ejecutar código arbitrario a través del componente install.php. • https://www.xuxblog.top/2024/03/25/CandyCMS-Pre-Auth-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30923 – DerbyNet 9.0 print/render/racer.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering Vulnerabilidad de inyección SQL en DerbyNet v9.0 y anteriores permite a un atacante remoto ejecutar código arbitrario a través de la cláusula donde en Racer Document Rendering DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •