
CVSS: 9.8 | EPSS: 95% | CPEs: 1 | EXPL: 12

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
• https://github.com/verylazytech/CVE-2024-23692 https://github.com/0x20c/CVE-2024-23692-EXP https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692 https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS https://github.com/vanboomqi/CVE-2024-23692 https://github.com/BBD-YZZ/CVE-2024-23692 https://github.com/k3lpi3b4nsh33/CVE-2024-23692 https://github.com/Tupler/CVE-2024-23692-exp https://github.com/Mr-r00t11/CVE-2024-23692 https://github.com/WanL
• CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVSS: 7.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88.
• https://hackerone.com/snapchat
• CWE-704: Incorrect Type Conversion or Cast

CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.
• https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02
• CWE-787: Out-of-bounds Write

CVSS: 5.5 | EPSS: 0% | CPEs: 12 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:
tipc: fix a possible memleak in tipc_buf_append
__skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path.
• https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f33486ed9966 https://git.kernel.org/stable/c/6da24cfc83ba4f97ea44fc7ae9999a006101755c https://git.kernel.org/stable/c/b7df21cf1b79ab7026f545e7bf837bd5750ac026 https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a
• CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

CVSS: 4.4 | EPSS: 0% | CPEs: - | EXPL: 2

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. ... Successful exploitation could lead to arbitrary code execution within the context of the GitHub Actions runner.
• https://github.com/zunak/CVE-2024-39249 https://github.com/jasonthename/CVE-2024-39248 https://github.com/huggingface/text-generation-inference/commit/88702d876383f7200eccf67e28ba00500dc804bb https://huntr.com/bounties/8af92fc2-0103-4d29-bb28-c3893154c422
• CWE-94: Improper Control of Generation of Code ('Code Injection')