CVE-2024-29831 – Apache DolphinScheduler: RCE by arbitrary js execution
https://notcve.org/view.php?id=CVE-2024-29831
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2. • https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0 • CWE-20: Improper Input Validation •
CVE-2024-22116 – Remote code execution within ping script
https://notcve.org/view.php?id=CVE-2024-22116
The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure. • https://support.zabbix.com/browse/ZBX-25016 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-7399 – Samsung MagicInfo Server getFileFromMultipartFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7399
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicInfo Server. • https://security.samsungtv.com/securityUpdates • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-0113 – NVIDIA Onyx Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-0113
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NVIDIA Onyx switches. • https://nvidia.custhelp.com/app/answers/detail/a_id/5563 • CWE-35: Path Traversal: '.../ •
CVE-2024-38989
https://notcve.org/view.php?id=CVE-2024-38989
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/5e9830fb180a34d65f04fafb52d2b94b https://github.com/izatop/bunt/commit/c55201a8cee03e5282f99874dead988c80d31db7 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •