CVE-2024-29831 – Apache DolphinScheduler: RCE by arbitrary js execution
https://notcve.org/view.php?id=CVE-2024-29831
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2. • https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0 • CWE-20: Improper Input Validation •
CVE-2024-22123 – Zabbix Arbitrary File Read
https://notcve.org/view.php?id=CVE-2024-22123
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. • https://support.zabbix.com/browse/ZBX-25013 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-22116 – Remote code execution within ping script
https://notcve.org/view.php?id=CVE-2024-22116
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure. • https://support.zabbix.com/browse/ZBX-25016 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-7399 – Samsung MagicInfo Server getFileFromMultipartFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7399
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicInfo Server. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://security.samsungtv.com/securityUpdates • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-0113 – NVIDIA Onyx Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-0113
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NVIDIA Onyx switches. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://nvidia.custhelp.com/app/answers/detail/a_id/5563 • CWE-35: Path Traversal: '.../ •