CVE-2024-29779

CVE-2024-29779

Título es
CVE-2024-29779

Vie, 13/09/2024 – 21:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-29779

Descripción en
there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

13/09/2024
13/09/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://source.android.com/security/bulletin/pixel/2024-09-01

    • Enviar en el boletín
    Off

    CVE-2024-44092

    CVE-2024-44092

    Título es
    CVE-2024-44092

    Vie, 13/09/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44092

    Descripción en
    In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    13/09/2024
    13/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2024-09-01

    • Enviar en el boletín
    Off

    CVE-2024-44430

    CVE-2024-44430

    Título es
    CVE-2024-44430

    Vie, 13/09/2024 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44430

    Descripción en
    SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface

    13/09/2024
    13/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://blog.csdn.net/samwbs/article/details/140954482

  • https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md

    • Enviar en el boletín
    Off

    CVE-2024-6137

    CVE-2024-6137

    Título es
    CVE-2024-6137

    Vie, 13/09/2024 – 20:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6137

    Descripción en
    BT: Classic: SDP OOB access in get_att_search_list

    13/09/2024
    13/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f

    • Enviar en el boletín
    Off

    CVE-2024-6135

    CVE-2024-6135

    Título es
    CVE-2024-6135

    Vie, 13/09/2024 – 20:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6135

    Descripción en
    BT:Classic: Multiple missing buf length checks

    13/09/2024
    13/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp

    • Enviar en el boletín
    Off

    CVE-2024-5931

    CVE-2024-5931

    Título es
    CVE-2024-5931

    Vie, 13/09/2024 – 20:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5931

    Descripción en
    BT: Unchecked user input in bap_broadcast_assistant

    13/09/2024
    13/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r8h3-64gp-wv7f

    • Enviar en el boletín
    Off

    CVE-2024-8279

    CVE-2024-8279

    Título es
    CVE-2024-8279

    Vie, 13/09/2024 – 18:15

    Tipo
    CWE-78

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8279

    Descripción en
    A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

    13/09/2024
    13/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://support.lenovo.com/us/en/product_security/LEN-172051

    • Enviar en el boletín
    Off

    CVE-2024-8278

    CVE-2024-8278

    Título es
    CVE-2024-8278

    Vie, 13/09/2024 – 18:15

    Tipo
    CWE-78

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8278

    Descripción en
    A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

    13/09/2024
    13/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://support.lenovo.com/us/en/product_security/LEN-172051

    • Enviar en el boletín
    Off

    CVE-2024-8059

    CVE-2024-8059

    Título es
    CVE-2024-8059

    Vie, 13/09/2024 – 18:15

    Tipo
    CWE-319

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8059

    Descripción en
    IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.

    13/09/2024
    13/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://support.lenovo.com/us/en/product_security/LEN-172051

    • Enviar en el boletín
    Off

    CVE-2024-8782

    CVE-2024-8782

    Título es
    CVE-2024-8782

    Vie, 13/09/2024 – 18:15

    Tipo
    CWE-22

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-8782

    Descripción en
    A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    13/09/2024
    13/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitee.com/heyewei/JFinalcms/issues/IAOSJG

  • https://github.com/yhy7612/Seccode/blob/main/README1.md

  • https://vuldb.com/?ctiid_277433=

  • https://vuldb.com/?id_277433=

  • https://vuldb.com/?submit_405528=

    • Enviar en el boletín
    Off