CVE-2024-7299

CVE-2024-7299

Título es
CVE-2024-7299

Mié, 31/07/2024 – 07:15

Tipo
CWE-79

Gravedad v2.0
4.00

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2024-7299

Descripción es
** NO SOPORTADO CUANDO SE ASIGNÓ ** Se encontró una vulnerabilidad en Bolt CMS 3.7.1. Ha sido calificada como problemática. Este problema afecta un procesamiento desconocido del archivo /preview/page del componente Entry Preview Handler. La manipulación del argumento body conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-273167. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contactó al proveedor tempranamente y se confirmó que el árbol de lanzamiento afectado ha llegado al final de su vida útil.

Descripción en
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273167. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.

31/07/2024
31/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:N/I:P/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
3.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW

Referencias

  • https://vuldb.com/?ctiid_273167=

  • https://vuldb.com/?id_273167=

  • https://vuldb.com/?submit_379971=

    • Enviar en el boletín
    Off

    CVE-2024-6980

    CVE-2024-6980

    Título es
    CVE-2024-6980

    Mié, 31/07/2024 – 07:15

    Tipo
    CWE-209

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6980

    Descripción es
    Un problema detallado de manejo de errores en el servicio proxy implementado en GravityZone Update Server permite a un atacante provocar server-side request forgery. Este problema solo afecta a las versiones de GravityZone Console anteriores a 6.38.1-5 que se ejecutan solo en las instalaciones.

    Descripción en
    A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.

    31/07/2024
    31/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.bitdefender.com/consumer/support/support/security-advisories/verbose-error-handling-issue-in-gravityzone-update-server-proxy-service/

    • Enviar en el boletín
    Off

    CVE-2024-7284

    CVE-2024-7284

    Título es
    CVE-2024-7284

    Mié, 31/07/2024 – 03:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-7284

    Descripción en
    A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273153 was assigned to this vulnerability.

    31/07/2024
    31/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://gist.github.com/topsky979/16da371a38fd91d64765fd16ed3d049e

  • https://vuldb.com/?ctiid_273153=

  • https://vuldb.com/?id_273153=

  • https://vuldb.com/?submit_381223=

    • Enviar en el boletín
    Off

    CVE-2024-39944

    CVE-2024-39944

    Título es
    CVE-2024-39944

    Mié, 31/07/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39944

    Descripción en
    A vulnerability has been found in Dahua products.Attackers
    can send carefully crafted data packets to the interface with vulnerabilities,
    causing the device to crash.

    31/07/2024
    31/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768

    • Enviar en el boletín
    Off

    CVE-2024-39946

    CVE-2024-39946

    Título es
    CVE-2024-39946

    Mié, 31/07/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39946

    Descripción en
    A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.

    31/07/2024
    31/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768

    • Enviar en el boletín
    Off

    CVE-2024-39945

    CVE-2024-39945

    Título es
    CVE-2024-39945

    Mié, 31/07/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39945

    Descripción en
    A vulnerability has been found in Dahua products.  After
    obtaining the administrator's username and password, the attacker can send a
    carefully crafted data packet to the interface with vulnerabilities, causing
    the device to crash.

    31/07/2024
    31/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768

    • Enviar en el boletín
    Off

    CVE-2024-39947

    CVE-2024-39947

    Título es
    CVE-2024-39947

    Mié, 31/07/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39947

    Descripción en
    A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.

    31/07/2024
    31/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768

    • Enviar en el boletín
    Off

    CVE-2024-39950

    CVE-2024-39950

    Título es
    CVE-2024-39950

    Mié, 31/07/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39950

    Descripción en
    A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.

    31/07/2024
    31/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768

    • Enviar en el boletín
    Off

    CVE-2024-39949

    CVE-2024-39949

    Título es
    CVE-2024-39949

    Mié, 31/07/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39949

    Descripción en
    A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

    31/07/2024
    31/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768

    • Enviar en el boletín
    Off

    CVE-2024-39948

    CVE-2024-39948

    Título es
    CVE-2024-39948

    Mié, 31/07/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39948

    Descripción en
    A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

    31/07/2024
    31/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768

    • Enviar en el boletín
    Off