CVE-2024-6822 – IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6822
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. •
CVE-2024-6815 – IrfanView RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6815
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. •
CVE-2024-37084 – CVE-2024-37084: Remote code execution in Spring Cloud Data Flow
https://notcve.org/view.php?id=CVE-2024-37084
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server • https://github.com/Kayiyan/CVE-2024-37084-Poc https://github.com/vuhz/CVE-2024-37084 https://github.com/Ly4j/CVE-2024-37084-Exp https://github.com/A0be/CVE-2024-37084-Exp https://spring.io/security/cve-2024-37084 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-40318
https://notcve.org/view.php?id=CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/3v1lC0d3/RCE-QloApps-CVE-2024-40318 https://github.com/3v1lC0d3/RCE-QloApps/blob/main/qloapps--RCE.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-41135 – Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface
https://notcve.org/view.php?id=CVE-2024-41135
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •