CVE-2024-10220 – Arbitrary command execution through gitRepo volume
https://notcve.org/view.php?id=CVE-2024-10220
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. • https://github.com/kubernetes/kubernetes/issues/128885 https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko http://www.openwall.com/lists/oss-security/2024/11/20/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-38117 – Possible Remote Code Execution Vulnerability OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38117
Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-11620 – WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-11620
Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection. This issue affects Rank Math SEO: from n/a through 1.0.231. • https://patchstack.com/database/wordpress/plugin/seo-by-rank-math/vulnerability/wordpress-rank-math-seo-plugin-1-0-231-arbitrary-htaccess-overwrite-to-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-52052 – Stream Target Remote Code Execution in Wowza Streaming Engine
https://notcve.org/view.php?id=CVE-2024-52052
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution. • https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •
CVE-2024-52799 – Argo Workflows Chart: Excessive Privileges in Workflow Role
https://notcve.org/view.php?id=CVE-2024-52799
Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. • https://github.com/argoproj/argo-helm/security/advisories/GHSA-fgrf-2886-4q7m https://github.com/argoproj/argo-helm/commit/81dc44c4a5ccd42c799469a78eb96a68048a4987 • CWE-250: Execution with Unnecessary Privileges CWE-1220: Insufficient Granularity of Access Control •