CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-39963
https://notcve.org/view.php?id=CVE-2024-39963
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg. Se descubrió que el enrutador AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 y AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 contenían una vulnerabilidad de ejecución remota de comandos (RCE) autenticada a través de el parámetro macFilterType en /goform/setMacFilterCfg. • https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39962
https://notcve.org/view.php?id=CVE-2024-39962
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. ... Se descubrió que D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 contiene una vulnerabilidad de ejecución remota de código (RCE) en el parámetro ntp_zone_val en /goform/set_ntp. • https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41111 – BishopFox Sliver Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-41111
Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. ... As described in a past issue (#65), "there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server." ... La versión 1.6.0 (prelanzamiento) de Sliver es vulnerable a RCE en el servidor de equipos por parte de un usuario "operador" con pocos privilegios. El RCE actúa como usuario raíz del sistema. • https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57 https://github.com/BishopFox/sliver/issues/65 https://github.com/BishopFox/sliver/pull/1281 https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8 https://sliver.sh/docs?name=Multi-player+Mode • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40629 – Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver
https://notcve.org/view.php?id=CVE-2024-40629
An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. ... Un atacante puede aprovechar el manual de Ansible para escribir archivos arbitrarios, lo que lleva a la ejecución remota de código (RCE) en el contenedor Celery. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-3wgp-q8m7-v33v • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39907 – a sqlinjection in 1Panel
https://notcve.org/view.php?id=CVE-2024-39907
Hay muchas inyecciones de SQL en el proyecto y algunas de ellas no están bien filtradas, lo que provoca escrituras de archivos arbitrarias y, en última instancia, conduce a RCE. Estas inyecciones de SQL se resolvieron en la versión 1.10.12-tls. • https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •