CVE-2024-42009

CVE-2024-42009

Título es
CVE-2024-42009

Lun, 05/08/2024 – 19:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-42009

Descripción en
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

05/08/2024
05/08/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://github.com/roundcube/roundcubemail/releases

  • https://github.com/roundcube/roundcubemail/releases/tag/1.5.8

  • https://github.com/roundcube/roundcubemail/releases/tag/1.6.8

  • https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8

  • https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/

    • Enviar en el boletín
    Off

    CVE-2024-42008

    CVE-2024-42008

    Título es
    CVE-2024-42008

    Lun, 05/08/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42008

    Descripción en
    A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.

    05/08/2024
    05/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/roundcube/roundcubemail/releases

  • https://github.com/roundcube/roundcubemail/releases/tag/1.5.8

  • https://github.com/roundcube/roundcubemail/releases/tag/1.6.8

  • https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8

  • https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/

    • Enviar en el boletín
    Off

    CVE-2024-33026

    CVE-2024-33026

    Título es
    CVE-2024-33026

    Lun, 05/08/2024 – 15:15

    Tipo
    CWE-126

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-33026

    Descripción en
    Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

    05/08/2024
    05/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

    • Enviar en el boletín
    Off

    CVE-2024-33025

    CVE-2024-33025

    Título es
    CVE-2024-33025

    Lun, 05/08/2024 – 15:15

    Tipo
    CWE-126

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-33025

    Descripción en
    Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

    05/08/2024
    05/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

    • Enviar en el boletín
    Off

    CVE-2024-33034

    CVE-2024-33034

    Título es
    CVE-2024-33034

    Lun, 05/08/2024 – 15:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-33034

    Descripción en
    Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

    05/08/2024
    05/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

    • Enviar en el boletín
    Off

    CVE-2024-33028

    CVE-2024-33028

    Título es
    CVE-2024-33028

    Lun, 05/08/2024 – 15:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-33028

    Descripción en
    Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

    05/08/2024
    05/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

    • Enviar en el boletín
    Off

    CVE-2024-33027

    CVE-2024-33027

    Título es
    CVE-2024-33027

    Lun, 05/08/2024 – 15:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-33027

    Descripción en
    Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

    05/08/2024
    05/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

    • Enviar en el boletín
    Off

    CVE-2023-31355

    CVE-2023-31355

    Título es
    CVE-2023-31355

    Lun, 05/08/2024 – 16:15

    Tipo
    CWE-119

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-31355

    Descripción en
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.

    05/08/2024
    05/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html

    • Enviar en el boletín
    Off

    CVE-2024-21980

    CVE-2024-21980

    Título es
    CVE-2024-21980

    Lun, 05/08/2024 – 16:15

    Tipo
    CWE-119

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-21980

    Descripción en
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

    05/08/2024
    05/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html

    • Enviar en el boletín
    Off

    CVE-2024-21978

    CVE-2024-21978

    Título es
    CVE-2024-21978

    Lun, 05/08/2024 – 16:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-21978

    Descripción en
    Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

    05/08/2024
    05/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html

    • Enviar en el boletín
    Off