CVE-2024-53554
https://notcve.org/view.php?id=CVE-2024-53554
A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. • https://drive.google.com/file/d/1v2MLZn4Ro9TCpw-KtksUACYFIzsbuTkL/view?usp=sharing https://gist.githubusercontent.com/Tommywarren/5ed67ab173ed60faeb791215d68e3fac/raw/352cb4259c0d41d70a206d108b5578c15824b2ff/CVE-2024-53554 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-53909
https://notcve.org/view.php?id=CVE-2024-53909
It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data
CVE-2024-53910
https://notcve.org/view.php?id=CVE-2024-53910
It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data
CVE-2024-53911
https://notcve.org/view.php?id=CVE-2024-53911
It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data
CVE-2024-53912
https://notcve.org/view.php?id=CVE-2024-53912
It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data