CVE-2024-9194

CVE-2024-9194

Título es
CVE-2024-9194

Lun, 30/09/2024 – 23:15

Tipo
CWE-89

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-9194

Descripción en
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.

01/10/2024
01/10/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://advisories.octopus.com/post/2024/sa2024-09/

    • Enviar en el boletín
    Off

    CVE-2024-28807

    CVE-2024-28807

    Título es
    CVE-2024-28807

    Lun, 30/09/2024 – 21:15

    Tipo
    CWE-312

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-28807

    Descripción en
    An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application.

    30/09/2024
    30/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.cvcn.gov.it/cvcn/cve/CVE-2024-28807

    • Enviar en el boletín
    Off

    CVE-2024-7671

    CVE-2024-7671

    Título es
    CVE-2024-7671

    Lun, 30/09/2024 – 21:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7671

    Descripción en
    A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

    30/09/2024
    30/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015

    • Enviar en el boletín
    Off

    CVE-2024-7670

    CVE-2024-7670

    Título es
    CVE-2024-7670

    Lun, 30/09/2024 – 21:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7670

    Descripción en
    A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

    30/09/2024
    30/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015

    • Enviar en el boletín
    Off

    CVE-2024-46503

    CVE-2024-46503

    Título es
    CVE-2024-46503

    Lun, 30/09/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46503

    Descripción en
    An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal.

    30/09/2024
    30/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gist.github.com/guilherme-goncalves793/30d62c12fffd18d4058f4aebe188f462

  • https://gist.github.com/guilherme-goncalves793/9c3125c6c8e33e0d9216847118137c63

    • Enviar en el boletín
    Off

    CVE-2024-28808

    CVE-2024-28808

    Título es
    CVE-2024-28808

    Lun, 30/09/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-28808

    Descripción en
    An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications.

    30/09/2024
    30/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.cvcn.gov.it/cvcn/cve/CVE-2024-28808

    • Enviar en el boletín
    Off

    CVE-2024-7675

    CVE-2024-7675

    Título es
    CVE-2024-7675

    Lun, 30/09/2024 – 21:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7675

    Descripción en
    A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

    30/09/2024
    30/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015

    • Enviar en el boletín
    Off

    CVE-2024-7674

    CVE-2024-7674

    Título es
    CVE-2024-7674

    Lun, 30/09/2024 – 21:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7674

    Descripción en
    A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

    30/09/2024
    30/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015

    • Enviar en el boletín
    Off

    CVE-2024-7673

    CVE-2024-7673

    Título es
    CVE-2024-7673

    Lun, 30/09/2024 – 21:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7673

    Descripción en
    A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

    30/09/2024
    30/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015

    • Enviar en el boletín
    Off

    CVE-2024-7672

    CVE-2024-7672

    Título es
    CVE-2024-7672

    Lun, 30/09/2024 – 21:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7672

    Descripción en
    A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

    30/09/2024
    30/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015

    • Enviar en el boletín
    Off