CVE-2024-37340 – Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-37340
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37340 • CWE-822: Untrusted Pointer Dereference •
CVE-2024-37335 – Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-37335
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37335 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-37338 – Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-37338
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37338 • CWE-125: Out-of-bounds Read •
CVE-2024-45595 – D-Tale allows Remote Code Execution through the Query input on Chart Builder
https://notcve.org/view.php?id=CVE-2024-45595
Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. • https://github.com/man-group/dtale#custom-filter https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8 https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-43799 – send vulnerable to template injection that can lead to XSS
https://notcve.org/view.php?id=CVE-2024-43799
Send passes untrusted user input to SendStream.redirect() which executes untrusted code. ... This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function. • https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35 https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg https://access.redhat.com/security/cve/CVE-2024-43799 https://bugzilla.redhat.com/show_bug.cgi?id=2311153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •