CVE-2024-6936 – formtools.org Form Tools Setting code injection
https://notcve.org/view.php?id=CVE-2024-6936
The manipulation of the argument Page Theme leads to code injection. ... By manipulating the Page Theme argument with unknown data, a code injection vulnerability can be exploited. • https://github.com/DeepMountains/Mirage/blob/main/CVE2-2.md https://vuldb.com/?ctiid.271991 https://vuldb.com/?id.271991 https://vuldb.com/?submit.372318 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-39962
https://notcve.org/view.php?id=CVE-2024-39962
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request. • https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-34729 – PowerVR Dangling Page Table Entry
https://notcve.org/view.php?id=CVE-2024-34729
In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. • https://source.android.com/security/bulletin/2024-11-01 •
CVE-2024-29178 – Apache StreamPark: FreeMarker SSTI RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-29178
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4. • http://www.openwall.com/lists/oss-security/2024/07/18/1 https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-29014
https://notcve.org/view.php?id=CVE-2024-29014
A vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to achieve arbitrary code execution when processing an EPC Client update. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •