CVE-2024-39069
https://notcve.org/view.php?id=CVE-2024-39069
An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack. • https://github.com/AungSoePaing/CVE-2024-39069 https://youtu.be/oMIobV2M0T8 • CWE-491: Public cloneable() Method Without Final ('Object Hijack') •
CVE-2024-38959
https://notcve.org/view.php?id=CVE-2024-38959
Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter. • https://medium.com/%40geetmadan22/reflected-cross-site-scripting-on-academy-lms-learning-management-system-product-4ab04ef51022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-37928 – WordPress Jobmonster theme <= 4.7.0 - Unauthenticated Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-37928
This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/noo-jobmonster/wordpress-jobmonster-theme-4-7-0-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-6409 – OpenSSH: possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9
https://notcve.org/view.php?id=CVE-2024-6409
If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. ... As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. • http://www.openwall.com/lists/oss-security/2024/07/08/2 http://www.openwall.com/lists/oss-security/2024/07/09/2 http://www.openwall.com/lists/oss-security/2024/07/09/5 http://www.openwall.com/lists/oss-security/2024/07/10/1 http://www.openwall.com/lists/oss-security/2024/07/10/2 https://access.redhat.com/errata/RHSA-2024:4457 https://access.redhat.com/errata/RHSA-2024:4613 https://access.redhat.com/errata/RHSA-2024:4716 https://access.redhat. • CWE-364: Signal Handler Race Condition •
CVE-2023-47856
https://notcve.org/view.php?id=CVE-2023-47856
A specially crafted series of network requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1892 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •