CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41111 – BishopFox Sliver Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-41111
18 Jul 2024 — Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. ... As described in a past issue (#65), "there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server." ... La versión 1.6.0 (prelanzamiento) de Sliver es vulnerable a RCE en el servidor de equipos por parte d... • https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40629 – Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver
https://notcve.org/view.php?id=CVE-2024-40629
18 Jul 2024 — An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. ... Un atacante puede aprovechar el manual de Ansible para escribir archivos arbitrarios, lo que lleva a la ejecución remota de código (RCE) en el contenedor Celery. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-3wgp-q8m7-v33v • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39907 – a sqlinjection in 1Panel
https://notcve.org/view.php?id=CVE-2024-39907
18 Jul 2024 — Hay muchas inyecciones de SQL en el proyecto y algunas de ellas no están bien filtradas, lo que provoca escrituras de archivos arbitrarias y, en última instancia, conduce a RCE. Estas inyecciones de SQL se resolvieron en la versión 1.10.12-tls. • https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29178 – Apache StreamPark: FreeMarker SSTI RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-29178
18 Jul 2024 — On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. ... Mitigación: todos los usuarios deben actualizar a 2.1.4 On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must succ... • http://www.openwall.com/lists/oss-security/2024/07/18/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41011 – drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
https://notcve.org/view.php?id=CVE-2024-41011
18 Jul 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/d8e408a82704c86ba87c3d58cfe69dcdb758aa07 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6811 – IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6811
18 Jul 2024 — IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can leverag... • https://www.zerodayinitiative.com/advisories/ZDI-24-903 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39173
https://notcve.org/view.php?id=CVE-2024-39173
18 Jul 2024 — calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field. Se descubrió que calculadora-boilerplate v1.0 contiene una vulnerabilidad de ejecución remota de código (RCE) a través de la función eval en /routes/calculator.js. • http://kropov.com/calculator-boilerplate-cve.txt • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6813 – NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6813
18 Jul 2024 — NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulne... • https://kb.netgear.com/000066231/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0018 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6814 – NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6814
18 Jul 2024 — NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vul... • https://kb.netgear.com/000066232/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6812 – IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6812
18 Jul 2024 — IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can leverag... • https://www.zerodayinitiative.com/advisories/ZDI-24-904 • CWE-787: Out-of-bounds Write •