CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54907
https://notcve.org/view.php?id=CVE-2024-54907
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. • https://github.com/MnrikSrins/totolink_A3002R_RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52046 – Apache MINA: MINA applications using unbounded deserialization may allow RCE
https://notcve.org/view.php?id=CVE-2024-52046
This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. This issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4. It's also important to note that an application using MINA core library will only be affected if the IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the ObjectSerializationCodecFactory class in the filter chain. ... Esta vulnerabilidad permite a los atacantes aprovechar el proceso de deserialización enviando datos serializados maliciosos especialmente manipulados, lo que podría provocar ataques de ejecución remota de código (RCE). Este problema afecta a las versiones principales de MINA 2.0.X, 2.1.X y 2.2.X y se solucionará con las versiones 2.0.27, 2.1.10 y 2.2.4. • https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8 http://www.openwall.com/lists/oss-security/2024/12/25/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41882 – Stack based buffer overflow
https://notcve.org/view.php?id=CVE-2024-41882
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41883 – Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2024-41883
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41884 – Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2024-41884
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-476: NULL Pointer Dereference •