CVE-2024-4130

CVE-2024-4130

Título es
CVE-2024-4130

Vie, 11/10/2024 – 16:15

Tipo
CWE-427

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-4130

Descripción en
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.

11/10/2024
11/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
7.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://iknow.lenovo.com.cn/detail/423563

    • Enviar en el boletín
    Off

    CVE-2024-4089

    CVE-2024-4089

    Título es
    CVE-2024-4089

    Vie, 11/10/2024 – 16:15

    Tipo
    CWE-427

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-4089

    Descripción en
    A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.

    11/10/2024
    11/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://iknow.lenovo.com.cn/detail/423563

    • Enviar en el boletín
    Off

    CVE-2024-48827

    CVE-2024-48827

    Título es
    CVE-2024-48827

    Vie, 11/10/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-48827

    Descripción en
    An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function.

    11/10/2024
    11/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/sbondCo/Watcharr

  • https://github.com/sbondCo/Watcharr/releases/tag/v1.43.0

  • https://github.com/yamerooo123/CVE/blob/main/CVE-2024-48827/Description.md

    • Enviar en el boletín
    Off

    CVE-2024-48813

    CVE-2024-48813

    Título es
    CVE-2024-48813

    Vie, 11/10/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-48813

    Descripción en
    SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component.

    11/10/2024
    11/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gitee.com/lssrain/taskmatic/issues/IAUXOL

    • Enviar en el boletín
    Off

    CVE-2024-8376

    CVE-2024-8376

    Título es
    CVE-2024-8376

    Vie, 11/10/2024 – 16:15

    Tipo
    CWE-401

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8376

    Descripción en
    In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

    11/10/2024
    11/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/eclipse/mosquitto/releases/tag/v2.0.19

  • https://gitlab.eclipse.org/security/cve-assignement/-/issues/26

  • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216

  • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217

  • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218

  • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227

  • https://mosquitto.org/

    • Enviar en el boletín
    Off

    CVE-2024-6985

    CVE-2024-6985

    Título es
    CVE-2024-6985

    Vie, 11/10/2024 – 16:15

    Tipo
    CWE-23

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6985

    Descripción en
    A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.

    11/10/2024
    11/10/2024
    Vector CVSS:3.1
    CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/parisneo/lollms/commit/28ee567a9a120967215ff19b96ab7515ce469620

  • https://huntr.com/bounties/79c11579-47d8-4e68-8466-b47c3bf5ef6a

    • Enviar en el boletín
    Off

    CVE-2024-5474

    CVE-2024-5474

    Título es
    CVE-2024-5474

    Vie, 11/10/2024 – 16:15

    Tipo
    CWE-276

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5474

    Descripción en
    A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.

    11/10/2024
    11/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://support.lenovo.com/us/en/product_security/LEN-158394

    • Enviar en el boletín
    Off

    CVE-2024-4132

    CVE-2024-4132

    Título es
    CVE-2024-4132

    Vie, 11/10/2024 – 16:15

    Tipo
    CWE-427

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-4132

    Descripción en
    A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.

    11/10/2024
    11/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://iknow.lenovo.com.cn/detail/423563

    • Enviar en el boletín
    Off

    CVE-2024-4131

    CVE-2024-4131

    Título es
    CVE-2024-4131

    Vie, 11/10/2024 – 16:15

    Tipo
    CWE-427

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-4131

    Descripción en
    A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.

    11/10/2024
    11/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://iknow.lenovo.com.cn/detail/423563

    • Enviar en el boletín
    Off

    CVE-2024-9046

    CVE-2024-9046

    Título es
    CVE-2024-9046

    Vie, 11/10/2024 – 16:15

    Tipo
    CWE-427

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9046

    Descripción en
    A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.

    11/10/2024
    11/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://iknow.lenovo.com.cn/detail/423563

    • Enviar en el boletín
    Off