agosto 2024 - Página 12 de 135

29 Ago 2024

CVE-2024-43920

Título es

CVE-2024-43920

Jue, 29/08/2024 – 19:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43920

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4.

29/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/gutenverse/wordpress-gutenverse-gutenberg-blocks-page-builder-for-site-editor-plugin-1-9-4-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

29 Ago 2024

CVE-2024-35118

Título es

CVE-2024-35118

Jue, 29/08/2024 – 16:15

Tipo

CWE-798

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-35118

Descripción en

IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device.

29/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.60

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://exchange.xforce.ibmcloud.com/vulnerabilities/290341

https://www.ibm.com/support/pages/node/7166750

Enviar en el boletín

Off

29 Ago 2024

CVE-2024-43965

Título es

CVE-2024-43965

Jue, 29/08/2024 – 16:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43965

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.

29/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.20

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/wp-sendgrid-mailer/wordpress-sendgrid-for-wordpress-plugin-1-4-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

29 Ago 2024

CVE-2024-43957

Título es

CVE-2024-43957

Jue, 29/08/2024 – 16:15

Tipo

CWE-22

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43957

Descripción en

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Number Counters: from n/a through 1.9.

29/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/animated-number-counters/wordpress-animated-number-counters-plugin-1-9-editor-limited-local-file-inclusion-vulnerability?_s_id=cve

Enviar en el boletín

Off

29 Ago 2024

CVE-2024-43955

Título es

CVE-2024-43955

Jue, 29/08/2024 – 16:15

Tipo

CWE-22

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43955

Descripción en

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.

29/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

10.00

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/vulnerability/droip/wordpress-droip-plugin-1-1-1-unauthenticated-arbitrary-file-download-deletion-vulnerability?_s_id=cve

Enviar en el boletín

Off

29 Ago 2024

CVE-2024-43954

Título es

CVE-2024-43954

Jue, 29/08/2024 – 16:15

Tipo

CWE-863

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43954

Descripción en

Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.

29/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/droip/wordpress-droip-plugin-1-1-1-subscriber-settings-change-data-exposure-vulnerability?_s_id=cve

Enviar en el boletín

Off

29 Ago 2024

CVE-2024-43944

Título es

CVE-2024-43944

Jue, 29/08/2024 – 16:15

Tipo

CWE-863

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43944

Descripción en

Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & Coming Soon Redirect Animation: from n/a through 2.1.3.

29/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

3.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

LOW

Referencias

https://patchstack.com/database/vulnerability/maintenance-coming-soon-redirect-animation/wordpress-maintenance-coming-soon-redirect-animation-plugin-2-1-3-ip-bypass-vulnerability?_s_id=cve

Enviar en el boletín

Off

29 Ago 2024

CVE-2024-43943

Título es

CVE-2024-43943

Jue, 29/08/2024 – 16:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43943

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8.

29/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/greenshiftwoo/wordpress-greenshift-woocommerce-addon-plugin-1-9-8-subscriber-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

29 Ago 2024

CVE-2024-8255

Título es

CVE-2024-8255

Jue, 29/08/2024 – 16:15

Tipo

CWE-502

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-8255

Descripción en

Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.

29/08/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://www.cisa.gov/news-events/ics-advisories/icsa-24-242-02

Enviar en el boletín

Off

29 Ago 2024

CVE-2024-43931

Título es

CVE-2024-43931

Jue, 29/08/2024 – 15:15

Tipo

CWE-502

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43931

Descripción en

Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.

29/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-3-php-object-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

Archivos mensuales: agosto 2024