agosto 2024 - Página 58 de 135

20 Ago 2024

CVE-2024-42598

Título es

CVE-2024-42598

Mar, 20/08/2024 – 16:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-42598

Descripción en

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

20/08/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md

Enviar en el boletín

Off

20 Ago 2024

CVE-2024-40743

Título es

CVE-2024-40743

Mar, 20/08/2024 – 16:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-40743

Descripción en

The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.

20/08/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://developer.joomla.org/security-centre/946-20240805-core-xss-vectors-in-outputfilter-strip-methods.html

Enviar en el boletín

Off

20 Ago 2024

CVE-2024-42621

Título es

CVE-2024-42621

Mar, 20/08/2024 – 15:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-42621

Descripción en

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php

20/08/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/jinwu1234567890/cms2/tree/main/12/readme.md

Enviar en el boletín

Off

20 Ago 2024

CVE-2024-42618

Título es

CVE-2024-42618

Mar, 20/08/2024 – 15:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-42618

Descripción en

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma

20/08/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/jinwu1234567890/cms2/tree/main/16/readme.md

Enviar en el boletín

Off

20 Ago 2024

CVE-2024-42616

Título es

CVE-2024-42616

Mar, 20/08/2024 – 15:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-42616

Descripción en

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics

20/08/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/jinwu1234567890/cms2/tree/main/13/readme.md

Enviar en el boletín

Off

20 Ago 2024

CVE-2024-43404

Título es

CVE-2024-43404

Mar, 20/08/2024 – 15:15

Tipo

CWE-95

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43404

Descripción en

MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions

20/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://github.com/NicPWNs/MEGABOT/commit/71e79e5581ea36313700385b112d863053fb7ed6

https://github.com/NicPWNs/MEGABOT/issues/137

https://github.com/NicPWNs/MEGABOT/pull/138

https://github.com/NicPWNs/MEGABOT/releases/tag/v1.5.0

https://github.com/NicPWNs/MEGABOT/security/advisories/GHSA-vhxp-4hwq-w3p2

Enviar en el boletín

Off

20 Ago 2024

CVE-2024-43397

Título es

CVE-2024-43397

Mar, 20/08/2024 – 15:15

Tipo

CWE-284

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43397

Descripción en

Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0.

20/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/apolloconfig/apollo/commit/f55b419145bf9d4f2f51dd4cd45108229e8d97ed

https://github.com/apolloconfig/apollo/pull/5192

https://github.com/apolloconfig/apollo/releases/tag/v2.3.0

https://github.com/apolloconfig/apollo/security/advisories/GHSA-c6c3-h4f7-3962

Enviar en el boletín

Off

20 Ago 2024

CVE-2024-43377

Título es

CVE-2024-43377

Mar, 20/08/2024 – 15:15

Tipo

CWE-284

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43377

Descripción en

Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.

20/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/umbraco/Umbraco-CMS/commit/72bef8861d94a39d5cc9530a04c4797b91fcbecf

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hrww-x3fq-xcvh

Enviar en el boletín

Off

20 Ago 2024

CVE-2024-43376

Título es

CVE-2024-43376

Mar, 20/08/2024 – 15:15

Tipo

CWE-209

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43376

Descripción en

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

20/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx

Enviar en el boletín

Off