CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31466 – Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-31466
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31556
https://notcve.org/view.php?id=CVE-2024-31556
An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function. • https://github.com/reportico-web/reportico/issues/53 • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 2CVE-2024-32004 – Git vulnerable to Remote Code Execution while cloning special-crafted local repositories
https://notcve.org/view.php?id=CVE-2024-32004
Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. ... If the victim clones this repository, the attacker can execute arbitrary code. • https://github.com/Wadewfsssss/CVE-2024-32004 https://github.com/10cks/CVE-2024-32004-POC http://www.openwall.com/lists/oss-security/2024/05/14/2 https://git-scm.com/docs/git-clone https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTX • CWE-114: Process Control •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 41CVE-2024-32002 – Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-32002
This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. ... This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control. • https://github.com/amalmurali47/git_rce https://github.com/amalmurali47/hook https://github.com/bonnettheo/CVE-2024-32002 https://github.com/WOOOOONG/CVE-2024-32002 https://github.com/WOOOOONG/hook https://github.com/markuta/hooky https://github.com/markuta/CVE-2024-32002 https://github.com/bfengj/CVE-2024-32002-Exploit https://github.com/bfengj/CVE-2024-32002-hook https://github.com/tiyeume25112004/CVE-2024-32002 https://github.com/charlesgargasson/CVE-2024-32002 https:& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 1CVE-2023-24204
https://notcve.org/view.php?id=CVE-2023-24204
SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php. • https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-24204 https://momonguyen.com/2023/cve-2023-24203 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •