CVE-2024-40500
https://notcve.org/view.php?id=CVE-2024-40500
Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.
References: https://github.com/nitipoom-jar/CVE-2024-40500 https://nitipoom-jar.github.io/CVE-2024-40500
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-39091
https://notcve.org/view.php?id=CVE-2024-39091
An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request.
References: https://joerngermany.github.io/mipc_vulnerability
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7589 – OpenSSH pre-authentication async signal safety issue
https://notcve.org/view.php?id=CVE-2024-7589
The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
References: https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc https://www.cve.org/CVERecord?id=CVE-2006-5051 https://www.cve.org/CVERecord?id=CVE-2024-6387
CWE-364: Signal Handler Race Condition
CVE-2024-42469 – CometVisu Backend for openHAB affected by RCE through path traversal
https://notcve.org/view.php?id=CVE-2024-42469
If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker.
References: https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2 https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-42467 – CometVisu Backend for openHAB affected by SSRF/XSS
https://notcve.org/view.php?id=CVE-2024-42467
This issue may lead to Remote Code Execution (RCE) when chained with other vulnerabilities.
References: https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/backend/rest/ProxyResource.java#L83 https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2 https://github.com/openhab/openhab-webui/security/advisories/GHSA-v7gr-mqpj-wwh3
CWE-918: Server-Side Request Forgery (SSRF)