CVE-2024-41886 – Improper Input Validation
https://notcve.org/view.php?id=CVE-2024-41886
Team ENVY, a security research team, has found a flaw that allows remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-20: Improper Input Validation •
CVE-2024-41887 – Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2024-41887
Team ENVY, a security research team, has found a flaw that allows remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-56363 – APTRS has SSTI vulnerability
https://notcve.org/view.php?id=CVE-2024-56363
Specifically, when user input is improperly sanitized or validated, an attacker can inject Jinja2 syntax into the template, causing the server to execute arbitrary code. • https://github.com/APTRS/APTRS/commit/9f6b6e4a56a9119eb12126a4909441e83b6d7c11 https://github.com/APTRS/APTRS/security/advisories/GHSA-h4w2-hvcg-938j • CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page •
CVE-2024-12903 – Incorrect default permissions in Biamp Evoko Home
https://notcve.org/view.php?id=CVE-2024-12903
A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. • https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-biamp-evoko-home • CWE-276: Incorrect Default Permissions •
CVE-2024-56334 – Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation
https://notcve.org/view.php?id=CVE-2024-56334
This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. • https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41 https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m • CWE-94: Improper Control of Generation of Code ('Code Injection') •