CVE-2024-41956 – Soft Serve allows arbitrary code execution by crafting git-lfs requests
https://notcve.org/view.php?id=CVE-2024-41956
01 Aug 2024 — Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. • https://github.com/charmbracelet/soft-serve/commit/4daebdd422a6ba8c04162d023f8be355a8fe3184 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-6873 – Specially crafted request could cause undefined behaviour which may lead to Remote Code Execution.
https://notcve.org/view.php?id=CVE-2024-6873
01 Aug 2024 — This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited. • https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-432f-r822-j66f • CWE-122: Heap-based Buffer Overflow •
CVE-2024-41961 – Elektra vulnerable to remote code execution in universal search
https://notcve.org/view.php?id=CVE-2024-41961
01 Aug 2024 — A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. • https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-38481
https://notcve.org/view.php?id=CVE-2024-38481
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-125: Out-of-bounds Read •
CVE-2024-38490
https://notcve.org/view.php?id=CVE-2024-38490
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2024-38489
https://notcve.org/view.php?id=CVE-2024-38489
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2024-25948
https://notcve.org/view.php?id=CVE-2024-25948
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2024-25947
https://notcve.org/view.php?id=CVE-2024-25947
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2024-7256 – Debian Security Advisory 5735-1
https://notcve.org/view.php?id=CVE-2024-7256
01 Aug 2024 — Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2024-7253 – NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7253
01 Aug 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://kb.nomachine.com/TR07V11184 • CWE-427: Uncontrolled Search Path Element •