CVE-2024-7961

CVE-2024-7961

Título es
CVE-2024-7961

Jue, 12/09/2024 – 21:15

Tipo
CWE-22

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-7961

Descripción en
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.

12/09/2024
12/09/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html

    • Enviar en el boletín
    Off

    CVE-2024-7960

    CVE-2024-7960

    Título es
    CVE-2024-7960

    Jue, 12/09/2024 – 21:15

    Tipo
    CWE-269

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7960

    Descripción en
    The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html

    • Enviar en el boletín
    Off

    CVE-2024-6840

    CVE-2024-6840

    Título es
    CVE-2024-6840

    Jue, 12/09/2024 – 17:15

    Tipo
    CWE-285

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6840

    Descripción en
    An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege escalation to a service account.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://access.redhat.com/errata/RHSA-2024:6428

  • https://access.redhat.com/security/cve/CVE-2024-6840

  • https://bugzilla.redhat.com/show_bug.cgi?id=2298492

    • Enviar en el boletín
    Off

    CVE-2024-6446

    CVE-2024-6446

    Título es
    CVE-2024-6446

    Jue, 12/09/2024 – 17:15

    Tipo
    CWE-840

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6446

    Descripción en
    An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/470144

  • https://hackerone.com/reports/2573481

    • Enviar en el boletín
    Off

    CVE-2024-8754

    CVE-2024-8754

    Título es
    CVE-2024-8754

    Jue, 12/09/2024 – 17:15

    Tipo
    CWE-642

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8754

    Descripción en
    An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/464062

    • Enviar en el boletín
    Off

    CVE-2024-8640

    CVE-2024-8640

    Título es
    CVE-2024-8640

    Jue, 12/09/2024 – 17:15

    Tipo
    CWE-77

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8640

    Descripción en
    An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/486213

  • https://hackerone.com/reports/2687770

    • Enviar en el boletín
    Off

    CVE-2024-8635

    CVE-2024-8635

    Título es
    CVE-2024-8635

    Jue, 12/09/2024 – 17:15

    Tipo
    CWE-918

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8635

    Descripción en
    A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/455273

    • Enviar en el boletín
    Off

    CVE-2024-8631

    CVE-2024-8631

    Título es
    CVE-2024-8631

    Jue, 12/09/2024 – 17:15

    Tipo
    CWE-267

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8631

    Descripción en
    A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/462665

  • https://hackerone.com/reports/2478469

    • Enviar en el boletín
    Off

    CVE-2024-8124

    CVE-2024-8124

    Título es
    CVE-2024-8124

    Jue, 12/09/2024 – 17:15

    Tipo
    CWE-1333

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8124

    Descripción en
    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a large `glm_source` parameter.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/480533

  • https://hackerone.com/reports/2634880

    • Enviar en el boletín
    Off

    CVE-2024-41629

    CVE-2024-41629

    Título es
    CVE-2024-41629

    Jue, 12/09/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41629

    Descripción en
    An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://seclists.org/fulldisclosure/2024/Sep/1

    • Enviar en el boletín
    Off