
CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

GitHub CLI versions 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using the `gh codespace ssh` or `gh codespace logs` commands. ... `gh codespace ssh` and `gh codespace logs` commands could execute arbitrary code on the user's workstation if the remote username contains something like `-oProxyCommand="echo hacked" #`. • https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.7 • EPSS: 0% • CPEs: 3 • EXPL: 0

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. • https://openafs.org/pages/security/OPENAFS-SA-2024-003.txt • CWE-787: Out-of-bounds Write

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an `<a>` link within untrusted notes. • https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Remote Code Execution (ReDoS) vulnerability was discovered in the Giskard component by the GitHub Security Lab team. • https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3 • https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3 • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Local threat actors can exploit this issue to disclose information and to execute arbitrary code. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD17011.html • CWE-1284: Improper Validation of Specified Quantity in Input