CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Because of this bug, an attacker can circumvent the protection PKCE offers against attacks such as CSRF and code injection.
• https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a
• https://github.com/goauthentik/authentik/security/advisories/GHSA-mrx3-gxjx-hjqj
• CWE-287: Improper Authentication

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.
• https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd
• https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

HCL BigFix ServiceNow is vulnerable to arbitrary code injection.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110202
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameter manipulation and denial of service, triggered through the 0x9C402140 IOCTL code of the saskutil64.sys driver.
• https://fluidattacks.com/advisories/brubeck
• https://www.superantispyware.com/professional-x-edition.html
• CWE-20: Improper Input Validation
• CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different operating system commands to the system via the web configuration functionality of the device.
• https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html
• https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products
• CWE-94: Improper Control of Generation of Code ('Code Injection')