CVE-2024-36516

CVE-2024-36516

Título es
CVE-2024-36516

Vie, 23/08/2024 – 14:15

Tipo
CWE-89

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-36516

Descripción en
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.
Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.

23/08/2024
23/08/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
8.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://www.manageengine.com/products/active-directory-audit/cve-2024-36516.html

    • Enviar en el boletín
    Off

    CVE-2024-36515

    CVE-2024-36515

    Título es
    CVE-2024-36515

    Vie, 23/08/2024 – 14:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-36515

    Descripción en
    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.
    Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.manageengine.com/products/active-directory-audit/cve-2024-36515.html

    • Enviar en el boletín
    Off

    CVE-2024-5586

    CVE-2024-5586

    Título es
    CVE-2024-5586

    Vie, 23/08/2024 – 14:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5586

    Descripción en
    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html

    • Enviar en el boletín
    Off

    CVE-2024-5556

    CVE-2024-5556

    Título es
    CVE-2024-5556

    Vie, 23/08/2024 – 14:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5556

    Descripción en
    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.manageengine.com/products/active-directory-audit/cve-2024-5556.html

    • Enviar en el boletín
    Off

    CVE-2024-5490

    CVE-2024-5490

    Título es
    CVE-2024-5490

    Vie, 23/08/2024 – 14:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5490

    Descripción en
    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.manageengine.com/products/active-directory-audit/cve-2024-5490.html

    • Enviar en el boletín
    Off

    CVE-2024-5467

    CVE-2024-5467

    Título es
    CVE-2024-5467

    Vie, 23/08/2024 – 14:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5467

    Descripción en
    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.manageengine.com/products/active-directory-audit/cve-2024-5467.html

    • Enviar en el boletín
    Off

    CVE-2024-5466

    CVE-2024-5466

    Título es
    CVE-2024-5466

    Vie, 23/08/2024 – 14:15

    Tipo
    CWE-94

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5466

    Descripción en
    Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.manageengine.com/itom/advisory/cve-2024-5466.html

    • Enviar en el boletín
    Off

    CVE-2024-43883

    CVE-2024-43883

    Título es
    CVE-2024-43883

    Vie, 23/08/2024 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43883

    Descripción en
    In the Linux kernel, the following vulnerability has been resolved:

    usb: vhci-hcd: Do not drop references before new references are gained

    At a few places the driver carries stale pointers
    to references that can still be used. Make sure that does not happen.
    This strictly speaking closes ZDI-CAN-22273, though there may be
    similar races in the driver.

    23/08/2024
    23/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37

  • https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174

  • https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14

  • https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89

  • https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80

  • https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a

  • https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54

  • https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2

    • Enviar en el boletín
    Off

    CVE-2024-7986

    CVE-2024-7986

    Título es
    CVE-2024-7986

    Vie, 23/08/2024 – 12:15

    Tipo
    CWE-732

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7986

    Descripción en
    A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.

    23/08/2024
    23/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html

    • Enviar en el boletín
    Off

    CVE-2024-43105

    CVE-2024-43105

    Título es
    CVE-2024-43105

    Vie, 23/08/2024 – 08:15

    Tipo
    CWE-400

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43105

    Descripción en
    Mattermost Plugin Channel Export versions

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://mattermost.com/security-updates

    • Enviar en el boletín
    Off