CVE-2024-1117 – openBI Screen.php index code injection
https://notcve.org/view.php?id=CVE-2024-1117
The manipulation of the argument fileurl leads to code injection. ... By manipulating the argument fileurl with unknown data, a code injection vulnerability can be exploited. • https://note.zhaoj.in/share/Liu1nbjddxu4 https://vuldb.com/?ctiid.252475 https://vuldb.com/?id.252475 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-23647 – PKCE downgrade attack in Authentik
https://notcve.org/view.php?id=CVE-2024-23647
Because of this bug, an attacker can circumvent the protection PKCE offers against attacks such as CSRF and code injection. • https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a https://github.com/goauthentik/authentik/security/advisories/GHSA-mrx3-gxjx-hjqj • CWE-287: Improper Authentication •
CVE-2024-21649 – Remote code execution
https://notcve.org/view.php?id=CVE-2024-21649
The vantage6 technology makes it possible to manage and deploy privacy-enhancing technologies such as Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0. • https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-37518 – A code injection vulnerability affects HCL BigFix ServiceNow Data Flow
https://notcve.org/view.php?id=CVE-2023-37518
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110202 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-0788 – SUPERAntiSpyware Pro X v10.0.1260 - Kernel-level API parameters manipulation
https://notcve.org/view.php?id=CVE-2024-0788
SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameter manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. • https://fluidattacks.com/advisories/brubeck https://www.superantispyware.com/professional-x-edition.html • CWE-20: Improper Input Validation CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •