CVE-2024-34785

CVE-2024-34785

Título es
CVE-2024-34785

Jue, 12/09/2024 – 02:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-34785

Descripción en
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

12/09/2024
12/09/2024
Vector CVSS:3.1
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
9.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

  • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

    • Enviar en el boletín
    Off

    CVE-2024-34783

    CVE-2024-34783

    Título es
    CVE-2024-34783

    Jue, 12/09/2024 – 02:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34783

    Descripción en
    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

    • Enviar en el boletín
    Off

    CVE-2024-34779

    CVE-2024-34779

    Título es
    CVE-2024-34779

    Jue, 12/09/2024 – 02:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34779

    Descripción en
    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

    • Enviar en el boletín
    Off

    CVE-2024-32848

    CVE-2024-32848

    Título es
    CVE-2024-32848

    Jue, 12/09/2024 – 02:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-32848

    Descripción en
    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

    • Enviar en el boletín
    Off

    CVE-2024-38222

    CVE-2024-38222

    Título es
    CVE-2024-38222

    Jue, 12/09/2024 – 03:15

    Tipo
    CWE-276

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-38222

    Descripción en
    Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38222

    • Enviar en el boletín
    Off

    CVE-2024-8709

    CVE-2024-8709

    Título es
    CVE-2024-8709

    Jue, 12/09/2024 – 03:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-8709

    Descripción en
    A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/gaorenyusi/gaorenyusi/blob/main/rental1.md

  • https://vuldb.com/?ctiid_277218=

  • https://vuldb.com/?id_277218=

  • https://vuldb.com/?submit_405594=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off

    CVE-2024-8710

    CVE-2024-8710

    Título es
    CVE-2024-8710

    Jue, 12/09/2024 – 03:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-8710

    Descripción en
    A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://code-projects.org/

  • https://github.com/ali0999109/Inventory-management/blob/main/Sql.md

  • https://vuldb.com/?ctiid_277219=

  • https://vuldb.com/?id_277219=

  • https://vuldb.com/?submit_404976=

    • Enviar en el boletín
    Off

    CVE-2024-8711

    CVE-2024-8711

    Título es
    CVE-2024-8711

    Jue, 12/09/2024 – 04:15

    Tipo
    CWE-548

    Gravedad v2.0
    5.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-8711

    Descripción en
    A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/jz-qb/cve/blob/main/dir.md

  • https://vuldb.com/?ctiid_277220=

  • https://vuldb.com/?id_277220=

  • https://vuldb.com/?submit_405343=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off

    CVE-2024-8705

    CVE-2024-8705

    Título es
    CVE-2024-8705

    Mié, 11/09/2024 – 23:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-8705

    Descripción en
    A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://vuldb.com/?ctiid_277214=

  • https://vuldb.com/?id_277214=

  • https://vuldb.com/?submit_402236=

  • https://wiki.shikangsi.com/post/share/3cd1d639-7b5d-47cf-a69d-552c314b5168

    • Enviar en el boletín
    Off

    CVE-2024-7890

    CVE-2024-7890

    Título es
    CVE-2024-7890

    Mié, 11/09/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7890

    Descripción en
    Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US

    • Enviar en el boletín
    Off