CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24892 – Unauthorized RCE in migration-tools
https://notcve.org/view.php?id=CVE-2024-24892
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. This issue affects migration-tools: from 1.0.0 through 1.0.1. Neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ("Inyección de comandos del sistema operativo"), vulnerabilidad de administración de privilegios inadecuada en las herramientas de migración de openEuler en Linux permite la inyección de comandos y la elevación de privilegios de descanso. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. Este problema afecta a las herramientas de migración: desde 1.0.0 hasta 1.0.1. • https://gitee.com/src-openeuler/migration-tools/pulls/12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24899 – Command injection in aops-zeus
https://notcve.org/view.php?id=CVE-2024-24899
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0. La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en openEuler aops-zeus en Linux permite la inyección de comando. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. Este problema afecta a aops-zeus: desde 1.2.0 hasta 1.4.0. • https://gitee.com/src-openeuler/aops-zeus/pulls/107 https://gitee.com/src-openeuler/aops-zeus/pulls/108 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24890 – Command injection in ioprobe of gala-gopher
https://notcve.org/view.php?id=CVE-2024-24890
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. This issue affects gala-gopher: through 1.0.2. La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en openEuler gala-gopher en Linux permite la inyección de comando. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. Este problema afecta a gala-gopher: hasta 1.0.2. • https://gitee.com/src-openeuler/gala-gopher/pulls/81 https://gitee.com/src-openeuler/gala-gopher/pulls/82 https://gitee.com/src-openeuler/gala-gopher/pulls/85 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33633 – Command Injection in aops-ceres
https://notcve.org/view.php?id=CVE-2021-33633
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py. This issue affects aops-ceres: from 1.3.0 through 1.4.1. La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en openEuler aops-ceres en Linux permite la inyección de comando. Esta vulnerabilidad está asociada con los archivos de programa ceres/function/util.Py. Este problema afecta a aops-ceres: desde 1.3.0 hasta 1.4.1. • https://gitee.com/src-openeuler/aops-ceres/pulls/158 https://gitee.com/src-openeuler/aops-ceres/pulls/159 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1159 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33638 – Run copy with container in a malicious directory may cause container escaping
https://notcve.org/view.php?id=CVE-2021-33638
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. Cuando el comando isula cp se usa para copiar archivos de un contenedor a una máquina host y el contenedor está controlado por un atacante, el atacante puede escapar del contenedor. • https://gitee.com/src-openeuler/iSulad/pulls/600/files https://gitee.com/src-openeuler/iSulad/pulls/627/files https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 • CWE-665: Improper Initialization •