CVE-2024-51358
https://notcve.org/view.php?id=CVE-2024-51358
An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. • https://github.com/Kov404/CVE-2024-51358 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-51132 – org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request
https://notcve.org/view.php?id=CVE-2024-51132
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. ... This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities. • https://github.com/JAckLosingHeart/CVE-2024-51132-POC https://github.com/hapifhir/org.hl7.fhir.core https://access.redhat.com/security/cve/CVE-2024-51132 https://bugzilla.redhat.com/show_bug.cgi?id=2323897 https://docs.redhat.com/en/documentation/red_hat_build_of_apache_camel_k/1.10.8/html/release_notes_for_red_hat_build_of_apache_camel_k/camel-k-relnotes_camelk#supported_camel_quarkus_connector_extensions • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-48336
https://notcve.org/view.php?id=CVE-2024-48336
The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. • https://github.com/canyie/MagiskEoP https://github.com/topjohnwu/Magisk/commit/c2eb6039579b8a2fb1e11a753cea7662c07bec02 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2024-51136
https://notcve.org/view.php?id=CVE-2024-51136
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file. • https://github.com/JAckLosingHeart/CVE-2024-51136-POC https://github.com/openimaj/openimaj https://github.com/openimaj/openimaj/issues/382 https://mvnrepository.com/artifact/org.openimaj.tools/WebTools • CWE-91: XML Injection (aka Blind XPath Injection) •
CVE-2024-51326
https://notcve.org/view.php?id=CVE-2024-51326
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. • https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51326%20-%20Union%20SQLi https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •