CVE-2023-42959
https://notcve.org/view.php?id=CVE-2023-42959
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213940 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2024-6726 – Remote Code Execution (RCE) in Delphix
https://notcve.org/view.php?id=CVE-2024-6726
Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE). • https://portal.perforce.com/s/detail/a91PA000001SUDtYAO • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-41799 – tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
https://notcve.org/view.php?id=CVE-2024-41799
A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. • https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4 https://github.com/tgstation/tgstation-server/pull/1835 https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-38529 – Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
https://notcve.org/view.php?id=CVE-2024-38529
In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. • https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-37381
https://notcve.org/view.php?id=CVE-2024-37381
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-July-2024-for-EPM-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •