CVE-2024-6631

CVE-2024-6631

Título es
CVE-2024-6631

Sáb, 24/08/2024 – 03:15

Tipo
CWE-862

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-6631

Descripción en
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform unauthorized actions, such as updating plugin settings.

24/08/2024
24/08/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
5.00

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://plugins.trac.wordpress.org/changeset/3119956/imagerecycle-pdf-image-compression/tags/3.1.15/class/class-image-otimizer.php

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/f330bf36-0a39-40d6-a075-c87fdb9dc2da?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-2254

    CVE-2024-2254

    Título es
    CVE-2024-2254

    Sáb, 24/08/2024 – 03:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-2254

    Descripción en
    The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    24/08/2024
    24/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://plugins.trac.wordpress.org/browser/rt-easy-builder-advanced-addons-for-elementor/trunk/modules/elementor/widgets/pricing-table/template.php#L19

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/a5fb289e-bd38-42ea-86a4-7816b59bd0b2?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-38207

    CVE-2024-38207

    Título es
    CVE-2024-38207

    Vie, 23/08/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-38207

    Descripción en
    Microsoft Edge (HTML-based) Memory Corruption Vulnerability

    24/08/2024
    24/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38207

    • Enviar en el boletín
    Off

    CVE-2024-45188

    CVE-2024-45188

    Título es
    CVE-2024-45188

    Vie, 23/08/2024 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45188

    Descripción en
    Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://research.jfrog.com/vulnerabilities/mage-ai-file-content-request-remote-arbitrary-file-leak-jfsa-2024-001039603/

    • Enviar en el boletín
    Off

    CVE-2024-45190

    CVE-2024-45190

    Título es
    CVE-2024-45190

    Vie, 23/08/2024 – 20:15

    Tipo
    CWE-35

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45190

    Descripción en
    Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://research.jfrog.com/vulnerabilities/mage-ai-pipeline-interaction-request-remote-arbitrary-file-leak-jfsa-2024-001039605/

    • Enviar en el boletín
    Off

    CVE-2024-45189

    CVE-2024-45189

    Título es
    CVE-2024-45189

    Vie, 23/08/2024 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45189

    Descripción en
    Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://research.jfrog.com/vulnerabilities/mage-ai-git-content-request-remote-arbitrary-file-leak-jfsa-2024-001039604/

    • Enviar en el boletín
    Off

    CVE-2024-40111

    CVE-2024-40111

    Título es
    CVE-2024-40111

    Vie, 23/08/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40111

    Descripción en
    A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any user visiting the forum.

    23/08/2024
    23/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://drive.google.com/file/d/10BVQKYo2H1-Nx3FOGteL2xww4lbZ3xlS/view?usp=sharing

  • https://github.com/w3bn00b3r/Stored-Cross-Site-Scripting-XSS—Automad-2.0.0-alpha.4/

    • Enviar en el boletín
    Off

    CVE-2024-37392

    CVE-2024-37392

    Título es
    CVE-2024-37392

    Vie, 23/08/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37392

    Descripción en
    A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version

    23/08/2024
    23/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.smseagle.eu/2024/08/21/resolved-xss-in-smseagle-software-cve-2024-37392/

    • Enviar en el boletín
    Off

    CVE-2024-7428

    CVE-2024-7428

    Título es
    CVE-2024-7428

    Vie, 23/08/2024 – 17:15

    Tipo
    CWE-601

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7428

    Descripción en
    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse.This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2.

    23/08/2024
    23/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://portal.microfocus.com/s/article/KM000033015?language=en_US

    • Enviar en el boletín
    Off

    CVE-2024-7427

    CVE-2024-7427

    Título es
    CVE-2024-7427

    Vie, 23/08/2024 – 17:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7427

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS).This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2.

    23/08/2024
    23/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://portal.microfocus.com/s/article/KM000033018?language=en_US

    • Enviar en el boletín
    Off