CVE-2024-23466 – SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23466
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-23469 – SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23469
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-20: Improper Input Validation •
CVE-2024-31411 – Apache StreamPipes: Potential remote code execution (RCE) via file upload
https://notcve.org/view.php?id=CVE-2024-31411
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. • https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-39877 – Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
https://notcve.org/view.php?id=CVE-2024-39877
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. • https://github.com/apache/airflow/pull/40522 https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-277: Insecure Inherited Permissions •
CVE-2024-40420
https://notcve.org/view.php?id=CVE-2024-40420
A Server-Side Template Injection (SSTI) vulnerability in the edit theme function of openCart project v4.0.2.3 allows attackers to execute arbitrary code via injecting a crafted payload. • https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •