CVE-2024-33438
https://notcve.org/view.php?id=CVE-2024-33438
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. • https://github.com/julio-cfa/CVE-2024-33438 https://forums.cubecart.com/topic/59046-cubecart-655-released-minor-security-update https://github.com/cubecart/v6 https://github.com/cubecart/v6/commit/31a5ec39b0924b2111fbc3aa419bd8c5c3fc1841 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-25048 – IBM MQ code execution
https://notcve.org/view.php?id=CVE-2024-25048
A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283137 https://www.ibm.com/support/pages/node/7149481 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-32878 – Use of Uninitialized Variable Vulnerability in llama.cpp
https://notcve.org/view.php?id=CVE-2024-32878
There is a use of uninitialized heap variable vulnerability in gguf_init_from_file; the code will free this uninitialized variable later. ... Causes llama.cpp to crash (DoS) and may even lead to arbitrary code execution (RCE). This vulnerability has been patched in commit b2740. • https://github.com/ggerganov/llama.cpp/releases/tag/b2749 https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-p5mv-gjc5-mwqv • CWE-456: Missing Initialization of a Variable •
CVE-2024-32880 – pyLoad allows upload to arbitrary folder lead to RCE
https://notcve.org/view.php?id=CVE-2024-32880
An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. • https://github.com/pyload/pyload/security/advisories/GHSA-3f7w-p8vr-4v5f • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51364 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-51364
We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of admin. • https://www.qnap.com/en/security-advisory/qsa-24-14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •