CVE-2024-45135

CVE-2024-45135

Título es
CVE-2024-45135

Jue, 10/10/2024 – 10:15

Tipo
CWE-284

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-45135

Descripción en
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

10/10/2024
10/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
2.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW

Referencias

  • https://helpx.adobe.com/security/products/magento/apsb24-73.html

    • Enviar en el boletín
    Off

    CVE-2024-45134

    CVE-2024-45134

    Título es
    CVE-2024-45134

    Jue, 10/10/2024 – 10:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45134

    Descripción en
    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.

    10/10/2024
    10/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://helpx.adobe.com/security/products/magento/apsb24-73.html

    • Enviar en el boletín
    Off

    CVE-2024-45133

    CVE-2024-45133

    Título es
    CVE-2024-45133

    Jue, 10/10/2024 – 10:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45133

    Descripción en
    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.

    10/10/2024
    10/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://helpx.adobe.com/security/products/magento/apsb24-73.html

    • Enviar en el boletín
    Off

    CVE-2024-45132

    CVE-2024-45132

    Título es
    CVE-2024-45132

    Jue, 10/10/2024 – 10:15

    Tipo
    CWE-285

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45132

    Descripción en
    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.

    10/10/2024
    10/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://helpx.adobe.com/security/products/magento/apsb24-73.html

    • Enviar en el boletín
    Off

    CVE-2024-9623

    CVE-2024-9623

    Título es
    CVE-2024-9623

    Jue, 10/10/2024 – 10:15

    Tipo
    CWE-863

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9623

    Descripción en
    An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository.

    10/10/2024
    10/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/459995

    • Enviar en el boletín
    Off

    CVE-2024-9596

    CVE-2024-9596

    Título es
    CVE-2024-9596

    Jue, 10/10/2024 – 10:15

    Tipo
    CWE-540

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9596

    Descripción en
    An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.

    10/10/2024
    10/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/493355

    • Enviar en el boletín
    Off

    CVE-2024-8977

    CVE-2024-8977

    Título es
    CVE-2024-8977

    Jue, 10/10/2024 – 10:15

    Tipo
    CWE-918

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8977

    Descripción en
    An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.

    10/10/2024
    10/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/491060

  • https://hackerone.com/reports/2697456

    • Enviar en el boletín
    Off

    CVE-2024-45149

    CVE-2024-45149

    Título es
    CVE-2024-45149

    Jue, 10/10/2024 – 10:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45149

    Descripción en
    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

    10/10/2024
    10/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://helpx.adobe.com/security/products/magento/apsb24-73.html

    • Enviar en el boletín
    Off

    CVE-2024-9156

    CVE-2024-9156

    Título es
    CVE-2024-9156

    Jue, 10/10/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9156

    Descripción es
    El complemento TI WooCommerce Wishlist de WordPress hasta la versión 2.8.2 es vulnerable a la inyección SQL debido a un escape insuficiente en el parámetro proporcionado por el usuario y a la falta de preparación suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer información confidencial de la base de datos.

    Descripción en
    The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

    10/10/2024
    10/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/e95974f9-1f68-4181-89b0-3559d61cfa93/

    • Enviar en el boletín
    Off

    CVE-2024-9780

    CVE-2024-9780

    Título es
    CVE-2024-9780

    Jue, 10/10/2024 – 07:15

    Tipo
    CWE-456

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9780

    Descripción es
    La falla del disector ITS en Wireshark 4.4.0 permite la denegación de servicio a través de la inyección de paquetes o un archivo de captura creado

    Descripción en
    ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file

    10/10/2024
    10/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitlab.com/wireshark/wireshark/-/issues/20026

  • https://www.wireshark.org/security/wnpa-sec-2024-12.html

    • Enviar en el boletín
    Off