CVE-2024-43202 – Apache DolphinScheduler: Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43202
Exposure of Remote Code Execution in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend that users upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue. • https://github.com/apache/dolphinscheduler/pull/15758 https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5 https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh https://www.cve.org/CVERecord?id=CVE-2023-49109 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-7795 – Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7795
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://www.zerodayinitiative.com/advisories/ZDI-24-1154 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-30949
https://notcve.org/view.php?id=CVE-2024-30949
An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. • https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661 https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4 • CWE-787: Out-of-bounds Write •
CVE-2024-42598
https://notcve.org/view.php?id=CVE-2024-42598
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md https://gitee.com/fushuling/cve/blob/master/CVE-2024-42598.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-42563
https://notcve.org/view.php?id=CVE-2024-42563
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. • https://gist.github.com/topsky979/f645f99661ff33aed44d65dfa49e36fe • CWE-434: Unrestricted Upload of File with Dangerous Type •