CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-8178 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-8178
A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42885
https://notcve.org/view.php?id=CVE-2024-42885
SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. • https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-6260 – Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6260
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45053 – Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
https://notcve.org/view.php?id=CVE-2024-45053
Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. • https://github.com/ethyca/fides/commit/829cbd9cb5ef9c814fbac1ed6800e8d939d359c5 https://github.com/ethyca/fides/security/advisories/GHSA-c34r-238x-f7qx • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.8EPSS: 55%CPEs: 1EXPL: 0CVE-2024-45507 – Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
https://notcve.org/view.php?id=CVE-2024-45507
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. Vulnerabilidad de Server-Side Request Forgery (SSRF) y control inadecuado de la generación de código ('inyección de código') en Apache OFBiz. Este problema afecta a Apache OFBiz: anterior a la versión 18.12.16. Se recomienda a los usuarios que actualicen a la versión 18.12.16, que soluciona el problema. • https://issues.apache.org/jira/browse/OFBIZ-13132 https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-918: Server-Side Request Forgery (SSRF) •