CVE-2024-24892 – Unauthorized RCE in migration-tools
https://notcve.org/view.php?id=CVE-2024-24892
25 Mar 2024 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. This issue affects migration-tools: from 1.0.0 through 1.0.1. • https://gitee.com/src-openeuler/migration-tools/pulls/12 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-269: Improper Privilege Management
CVE-2024-24899 – Command injection in aops-zeus
https://notcve.org/view.php?id=CVE-2024-24899
25 Mar 2024 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0. • https://gitee.com/src-openeuler/aops-zeus/pulls/107 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-24897 – Remote command execution in A-Tune-Collector
https://notcve.org/view.php?id=CVE-2024-24897
25 Mar 2024 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py. This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0. • https://gitee.com/src-openeuler/A-Tune-Collector/pulls/45 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-24890 – Command injection in ioprobe of gala-gopher
https://notcve.org/view.php?id=CVE-2024-24890
25 Mar 2024 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. This issue affects gala-gopher: through 1.0.2. • https://gitee.com/src-openeuler/gala-gopher/pulls/81 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33632 – TOCTOU Race Condition problem in iSulad
https://notcve.org/view.php?id=CVE-2021-33632
25 Mar 2024 — Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2. • https://gitee.com/src-openeuler/iSulad/pulls/639 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-33633 – Command Injection in aops-ceres
https://notcve.org/view.php?id=CVE-2021-33633
23 Mar 2024 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py. This issue affects aops-ceres: from 1.3.0 through 1.4.1. • https://gitee.com/src-openeuler/aops-ceres/pulls/158 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33638 – Run copy with container in a malicious directory may cause container escaping
https://notcve.org/view.php?id=CVE-2021-33638
29 Oct 2023 — When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. • https://gitee.com/src-openeuler/iSulad/pulls/600/files • CWE-665: Improper Initialization
CVE-2021-33637 – Export container in a malicious directory may cause process to be hijacked
https://notcve.org/view.php?id=CVE-2021-33637
29 Oct 2023 — When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. • https://gitee.com/src-openeuler/iSulad/pulls/600/files • CWE-665: Improper Initialization
CVE-2021-33636 – Load malicious images may cause process to be hijacked
https://notcve.org/view.php?id=CVE-2021-33636
29 Oct 2023 — When the isula load command is used to load malicious images, attackers can execute arbitrary code. • https://gitee.com/src-openeuler/iSulad/pulls/600/files • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization
CVE-2021-33635 – Pull malicious images may cause process to be hijacked
https://notcve.org/view.php?id=CVE-2021-33635
29 Oct 2023 — When malicious images are pulled by isula pull, attackers can execute arbitrary code. • https://gitee.com/src-openeuler/iSulad/pulls/600/files • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization