CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code execution. Certain Components in Haystack use Jinja2 templates; if anyone can create and render such a template on the client machine, they can run any code. • https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

31 Jul 2024 — Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. • https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h63h-5c77-77p5 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the curren... • https://www.zerodayinitiative.com/advisories/ZDI-24-1037 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1036 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set. • https://palm-vertebra-fe9.notion.site/form_fast_setting_wifi_set-fd47294cf4bb460bb95f804d39e53f34 • CWE-121: Stack-based Buffer Overflow

CVSS: 4.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

30 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/89b9b6fa4463daf820e6a5ef65c3b0c2db239513

CVSS: 6.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

30 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee

CVSS: 6.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

30 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code. • https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

30 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df • CWE-787: Out-of-bounds Write