CVE-2024-45053 – Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
https://notcve.org/view.php?id=CVE-2024-45053
Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. • https://github.com/ethyca/fides/commit/829cbd9cb5ef9c814fbac1ed6800e8d939d359c5 https://github.com/ethyca/fides/security/advisories/GHSA-c34r-238x-f7qx • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-45507 – Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
https://notcve.org/view.php?id=CVE-2024-45507
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. • https://issues.apache.org/jira/browse/OFBIZ-13132 https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-34660
https://notcve.org/view.php?id=CVE-2024-34660
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVE-2024-34657
https://notcve.org/view.php?id=CVE-2024-34657
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVE-2024-34656
https://notcve.org/view.php?id=CVE-2024-34656
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •