
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 1

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization. ... Gibbon version 26.0.00 suffers from a server-side template injection vulnerability that allows for remote code execution. • https://www.exploit-db.com/exploits/51962 https://gibbonedu.org/download https://packetstormsecurity.com/files/177857 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2024 • CWE-787: Out-of-bounds Write •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. •

CVSS: 4.3 • EPSS: 0% • CPEs: - • EXPL: 0

This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • https://www.rarlab.com/rarnew.htm#27.%20Busgs%20fixed https://www.zerodayinitiative.com/advisories/ZDI-24-357 • CWE-693: Protection Mechanism Failure •

CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. • https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •