
CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

26 Dec 2024 — TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. • https://github.com/MnrikSrins/totolink_A3002R_RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Dec 2024 — This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. • https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2024 — Team ENVY, a Security Research TEAM, has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2024 — Team ENVY, a Security Research TEAM, has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-476: NULL Pointer Dereference •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2024 — Team ENVY, a Security Research TEAM, has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-476: NULL Pointer Dereference •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2024 — Team ENVY, a Security Research TEAM, has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-547: Use of Hard-coded, Security-relevant Constants •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2024 — Team ENVY, a Security Research TEAM, has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-20: Improper Input Validation •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2024 — Team ENVY, a Security Research TEAM, has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Dec 2024 — Specifically, when user input is improperly sanitized or validated, an attacker can inject Jinja2 syntax into the template, causing the server to execute arbitrary code. For example, an attacker might be able to inject expressions like {{ config }}, {{ self.class.mro[1].subclasses() }}, or more dangerous payloads that trigger execution of arbitrary Python code. ... If the input is rendered without sufficient sanitization, it results in the execution of malicious Jin... • https://github.com/APTRS/APTRS/commit/9f6b6e4a56a9119eb12126a4909441e83b6d7c11 • CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Dec 2024 — Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. ... In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. ... An attacker could possibly use this issue to execute arbitrary code. An atta... • https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 • CWE-693: Protection Mechanism Failure • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •