CVE-2024-47419

CVE-2024-47419

Título es
CVE-2024-47419

Mié, 09/10/2024 – 10:15

Tipo
CWE-125

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-47419

Descripción en
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

09/10/2024
09/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
5.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://helpx.adobe.com/security/products/animate/apsb24-76.html

    • Enviar en el boletín
    Off

    CVE-2024-47418

    CVE-2024-47418

    Título es
    CVE-2024-47418

    Mié, 09/10/2024 – 10:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47418

    Descripción en
    Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

    09/10/2024
    09/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://helpx.adobe.com/security/products/animate/apsb24-76.html

    • Enviar en el boletín
    Off

    CVE-2024-47417

    CVE-2024-47417

    Título es
    CVE-2024-47417

    Mié, 09/10/2024 – 10:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47417

    Descripción en
    Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

    09/10/2024
    09/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://helpx.adobe.com/security/products/animate/apsb24-76.html

    • Enviar en el boletín
    Off

    CVE-2024-5968

    CVE-2024-5968

    Título es
    CVE-2024-5968

    Mié, 09/10/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5968

    Descripción en
    The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

    09/10/2024
    09/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/db73e8d8-feb1-4daa-937e-a73969a93bcc/

    • Enviar en el boletín
    Off

    CVE-2023-46586

    CVE-2023-46586

    Título es
    CVE-2023-46586

    Mié, 09/10/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-46586

    Descripción en
    cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.

    09/10/2024
    09/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d

  • https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991

  • https://github.com/ltworf/weborf/pull/88

  • https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6ec3c94fd4

    • Enviar en el boletín
    Off

    CVE-2023-45872

    CVE-2023-45872

    Título es
    CVE-2023-45872

    Mié, 09/10/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-45872

    Descripción en
    An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an SVG document.

    09/10/2024
    09/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.redhat.com/show_bug.cgi?id=2246067

  • https://qt.io

    • Enviar en el boletín
    Off

    CVE-2024-39436

    CVE-2024-39436

    Título es
    CVE-2024-39436

    Mié, 09/10/2024 – 07:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39436

    Descripción en
    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

    09/10/2024
    09/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897

    • Enviar en el boletín
    Off

    CVE-2024-39439

    CVE-2024-39439

    Título es
    CVE-2024-39439

    Mié, 09/10/2024 – 07:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39439

    Descripción en
    In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

    09/10/2024
    09/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897

    • Enviar en el boletín
    Off

    CVE-2024-39438

    CVE-2024-39438

    Título es
    CVE-2024-39438

    Mié, 09/10/2024 – 07:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39438

    Descripción en
    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

    09/10/2024
    09/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897

    • Enviar en el boletín
    Off

    CVE-2024-39437

    CVE-2024-39437

    Título es
    CVE-2024-39437

    Mié, 09/10/2024 – 07:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39437

    Descripción en
    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

    09/10/2024
    09/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897

    • Enviar en el boletín
    Off