CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28117 – Grav vulnerable to Server Side Template Injection (SSTI)
https://notcve.org/view.php?id=CVE-2024-28117
As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. • https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-28116 – Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
https://notcve.org/view.php?id=CVE-2024-28116
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue. Grav es un sistema de gestión de contenidos de archivos planos de código abierto. Grav CMS anterior a la versión 1.7.45 es vulnerable a una inyección de plantilla del lado del servidor (SSTI), que permite a cualquier usuario autenticado (los permisos del editor son suficientes) ejecutar código arbitrario en el servidor remoto sin pasar por el entorno limitado de seguridad existente. • https://github.com/geniuszlyy/GenGravSSTIExploit https://github.com/akabe1/Graver https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-22724
https://notcve.org/view.php?id=CVE-2024-22724
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. Se descubrió un problema en osCommerce v4 que permite a atacantes locales eludir las restricciones de carga de archivos y ejecutar código arbitrario a través de la función de carga de fotos de perfil del administrador. • https://github.com/osCommerce/osCommerce-V4/issues/62 https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-2469 – Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance
https://notcve.org/view.php?id=CVE-2024-2469
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. Un atacante con función de administrador en GitHub Enterprise Server podría obtener acceso raíz SSH mediante la ejecución remota de código. Esta vulnerabilidad afectó a GitHub Enterprise Server versión 3.8.0 y superiores y se solucionó en las versiones 3.8.17, 3.9.12, 3.10.9, 3.11.7 y 3.12.1. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9 https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7 https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29032 – `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
https://notcve.org/view.php?id=CVE-2024-29032
Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. • https://github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef750cfa84ca82/qiskit_ibm_runtime/utils/json.py#L156-L159 https://github.com/Qiskit/qiskit-ibm-runtime/commit/b78fca114133051805d00043a404b25a33835f4d https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m • CWE-502: Deserialization of Untrusted Data •