CVE-2024-37273
https://notcve.org/view.php?id=CVE-2024-37273
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-36858
https://notcve.org/view.php?id=CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-37061
https://notcve.org/view.php?id=CVE-2024-37061
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run. • https://hiddenlayer.com/sai-security-advisory/mlflow-june2024 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37060
https://notcve.org/view.php?id=CVE-2024-37060
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run. • https://hiddenlayer.com/sai-security-advisory/mlflow-june2024 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-36104 – Apache OFBiz: Path traversal leading to a RCE
https://notcve.org/view.php?id=CVE-2024-36104
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue. • https://github.com/ggfzx/CVE-2024-36104 http://www.openwall.com/lists/oss-security/2024/06/03/1 https://issues.apache.org/jira/browse/OFBIZ-13092 https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •