
CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Nov 2024 — A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. • https://openafs.org/pages/security/OPENAFS-SA-2024-003.txt • CWE-787: Out-of-bounds Write •

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Nov 2024 — Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. • https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

14 Nov 2024 — The vulnerability arises due to the use of the `eval()` function to parse a string received from a remote AWS SageMaker LLM endpoint into a dictionary. This method of parsing is unsafe as it can execute arbitrary Python code contained within the response. An attacker can exploit this vulnerability by manipulating the response from the AWS SageMaker LLM endpoint to include malicious Python code, leading to potential execution of arbitrary commands on the system hosting the applica... • https://github.com/imartinez/privategpt/commit/86368c61760c9cee5d977131d23ad2a3e063cbe9 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Nov 2024 — A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. • https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3 • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Nov 2024 — Local threat actors can exploit this issue to disclose information and to execute arbitrary code. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD17011.html • CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 1

14 Nov 2024 — This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE). • https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Nov 2024 — That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. ... Issues addressed include a code execution vulnerability. • https://www.postgresql.org/support/security/CVE-2024-10979 • CWE-15: External Control of System or Configuration Setting •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Nov 2024 — A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. • https://support.sonatype.com/hc/en-us/articles/30694125380755 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

13 Nov 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Intel Driver & Support Assistant service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01200.html • CWE-284: Improper Access Control •

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

13 Nov 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •