CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-21697
https://notcve.org/view.php?id=CVE-2024-21697
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Sourcetree for Mac 4.2: Upgrade to a release greater than or equal to 4.2.9 Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.20 See the release notes ([https://www.sourcetreeapp.com/download-archives]). • https://confluence.atlassian.com/pages/viewpage.action?pageId=1456179091 https://jira.atlassian.com/browse/SRCTREE-8168 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48992
https://notcve.org/view.php?id=CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. • https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f https://www.cve.org/CVERecord?id=CVE-2024-48992 https://www.qualys.com/2024/11/19/needrestart/needrestart.txt • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48991
https://notcve.org/view.php?id=CVE-2024-48991
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). • https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59 https://www.cve.org/CVERecord?id=CVE-2024-48991 https://www.qualys.com/2024/11/19/needrestart/needrestart.txt •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48990
https://notcve.org/view.php?id=CVE-2024-48990
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. • https://github.com/liske/needrestart/commit/fcc9a4401392231bef4ef5ed026a0d7a275149ab https://www.cve.org/CVERecord?id=CVE-2024-48990 https://www.qualys.com/2024/11/19/needrestart/needrestart.txt • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11278 – GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11278
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/gd-bbpress-attachments/trunk/code/front.php#L280 https://plugins.trac.wordpress.org/changeset/3189863/gd-bbpress-attachments/trunk/code/front.php https://www.wordfence.com/threat-intel/vulnerabilities/id/6f598cfc-4d41-4d22-95f0-47efdb7d07a2? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •