CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41956 – Soft Serve allows arbitrary code execution by crafting git-lfs requests
https://notcve.org/view.php?id=CVE-2024-41956
Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. ... This includes environment variables that control program execution, such as LD_PRELOAD. • https://github.com/charmbracelet/soft-serve/commit/4daebdd422a6ba8c04162d023f8be355a8fe3184 https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7256
https://notcve.org/view.php?id=CVE-2024-7256
Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html https://issues.chromium.org/issues/354748060 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-6873 – Specially crafted request could caused undefined behaviour which may lead to Remote Code Execution.
https://notcve.org/view.php?id=CVE-2024-6873
It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited. Fixes have been merged to all currently supported version of ClickHouse. • https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-432f-r822-j66f • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41961 – Elektra vulnerable to remote code execution in universal search
https://notcve.org/view.php?id=CVE-2024-41961
A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. • https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02 https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38481
https://notcve.org/view.php?id=CVE-2024-38481
A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-125: Out-of-bounds Read •