CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38363 – Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
https://notcve.org/view.php?id=CVE-2024-38363
Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. ... La imagen acoplable del generador de conexiones Airbyte es vulnerable a RCE a través de SSTI, lo que permite a un atacante remoto autenticado ejecutar código arbitrario en el servidor como usuario del servidor web. • https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39865
https://notcve.org/view.php?id=CVE-2024-39865
This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39571
https://notcve.org/view.php?id=CVE-2024-39571
This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-928781.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39570
https://notcve.org/view.php?id=CVE-2024-39570
This could allow an authenticated attacker to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-928781.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-39569
https://notcve.org/view.php?id=CVE-2024-39569
This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system. • https://cert-portal.siemens.com/productcert/html/ssa-868282.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •