CVE-2024-42774

CVE-2024-42774

Título es
CVE-2024-42774

Jue, 22/08/2024 – 17:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-42774

Descripción en
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.

22/08/2024
22/08/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Room%20Entry.pdf

  • https://www.kashipara.com/

    • Enviar en el boletín
    Off

    CVE-2024-42772

    CVE-2024-42772

    Título es
    CVE-2024-42772

    Jue, 22/08/2024 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42772

    Descripción en
    An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section.

    22/08/2024
    22/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20View%20Room%20Entry.pdf

  • https://www.kashipara.com/

    • Enviar en el boletín
    Off

    CVE-2024-42770

    CVE-2024-42770

    Título es
    CVE-2024-42770

    Jue, 22/08/2024 – 16:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42770

    Descripción en
    A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter.

    22/08/2024
    22/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Sign%20UP.pdf

  • https://www.kashipara.com/

    • Enviar en el boletín
    Off

    CVE-2024-43780

    CVE-2024-43780

    Título es
    CVE-2024-43780

    Jue, 22/08/2024 – 16:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43780

    Descripción en
    Mattermost versions 9.9.x

    22/08/2024
    22/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://mattermost.com/security-updates

    • Enviar en el boletín
    Off

    CVE-2024-42771

    CVE-2024-42771

    Título es
    CVE-2024-42771

    Jue, 22/08/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42771

    Descripción en
    A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter.

    22/08/2024
    22/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Edit%20Room.pdf

  • https://www.kashipara.com/

    • Enviar en el boletín
    Off

    CVE-2024-42769

    CVE-2024-42769

    Título es
    CVE-2024-42769

    Jue, 22/08/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42769

    Descripción en
    A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters.

    22/08/2024
    22/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Reflected%20XSS%20-%20Sign%20UP.pdf

  • https://www.kashipara.com/

    • Enviar en el boletín
    Off

    CVE-2024-8041

    CVE-2024-8041

    Título es
    CVE-2024-8041

    Jue, 22/08/2024 – 16:15

    Tipo
    CWE-400

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8041

    Descripción en
    A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer.

    22/08/2024
    22/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/463092

  • https://hackerone.com/reports/2499070

    • Enviar en el boletín
    Off

    CVE-2024-7110

    CVE-2024-7110

    Título es
    CVE-2024-7110

    Jue, 22/08/2024 – 16:15

    Tipo
    CWE-77

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7110

    Descripción en
    An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.

    22/08/2024
    22/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/472603

    • Enviar en el boletín
    Off

    CVE-2024-6502

    CVE-2024-6502

    Título es
    CVE-2024-6502

    Jue, 22/08/2024 – 16:15

    Tipo
    CWE-684

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6502

    Descripción en
    An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.

    22/08/2024
    22/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/470647

  • https://hackerone.com/reports/2574561

    • Enviar en el boletín
    Off

    CVE-2024-45193

    CVE-2024-45193

    Título es
    CVE-2024-45193

    Jue, 22/08/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45193

    Descripción en
    An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S

    22/08/2024
    22/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gitlab.matrix.org/matrix-org/olm/

  • https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985

  • https://news.ycombinator.com/item?id=41249371

  • Security Issues in Matrix’s Olm Library


    • Enviar en el boletín
    Off