
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run. • https://hiddenlayer.com/sai-security-advisory/mlflow-june2024 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.1 • EPSS: 1% • CPEs: 1 • EXPL: 1

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue. • https://github.com/ggfzx/CVE-2024-36104 http://www.openwall.com/lists/oss-security/2024/06/03/1 https://issues.apache.org/jira/browse/OFBIZ-13092 https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.3 • EPSS: 0% • CPEs: - • EXPL: 0

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06 •

CVSS: 7.3 • EPSS: 0% • CPEs: - • EXPL: 0

Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06 •

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device. • https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024 • CWE-434: Unrestricted Upload of File with Dangerous Type •