CVE-2024-27458

Mon, 07/10/2024 – 17:15

Type
CWE-59

Severity 2.0 (text)
Pending analysis

Description (en)
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.80

Severity 3.1 (text)
HIGH

CVE-2023-6362

Mon, 07/10/2024 – 15:15

Type
CWE-119

Severity 2.0 (text)
Pending analysis

Description (en)
A vulnerability has been discovered in Winhex affecting versions 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument.

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
7.30

Severity 3.1 (text)
HIGH

References
  • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex

CVE-2023-6361

Mon, 07/10/2024 – 15:15

Type
CWE-119

Severity 2.0 (text)
Pending analysis

Description (en)
A vulnerability has been discovered in Winhex affecting versions 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument.

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
7.30

Severity 3.1 (text)
HIGH

References
  • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex

CVE-2024-45933

Mon, 07/10/2024 – 15:15

Severity 2.0 (text)
Pending analysis

Description (en)
OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.

07/10/2024
07/10/2024
Severity 3.1 (text)
Pending analysis

CVE-2024-9572

Mon, 07/10/2024 – 15:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Description (en)
Cross-Site Scripting (XSS) vulnerability in SOPlanning

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
6.30

Severity 3.1 (text)
MEDIUM

References
  • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning

CVE-2024-9571

Mon, 07/10/2024 – 15:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Description (en)
Cross-Site Scripting (XSS) vulnerability in SOPlanning

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
6.30

Severity 3.1 (text)
MEDIUM

References
  • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning

CVE-2024-9569

Mon, 07/10/2024 – 15:15

Type
CWE-120

Severity v2.0
9.00

Severity 2.0 (text)
HIGH

Description (en)
A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity 3.1 (CVSS 3.1 Base Score)
8.80

Severity 3.1 (text)
HIGH

CVE-2024-9568

Mon, 07/10/2024 – 15:15

Type
CWE-120

Severity v2.0
9.00

Severity 2.0 (text)
HIGH

Description (en)
A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity 3.1 (CVSS 3.1 Base Score)
8.80

Severity 3.1 (text)
HIGH

CVE-2024-9576

Mon, 07/10/2024 – 15:15

Type
CWE-284

Severity 2.0 (text)
Pending analysis

Description (en)
Vulnerability in Distro Linux Workbooth v2.5 that allows escalating privileges to the root user by manipulating the network configuration script.

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
7.00

Severity 3.1 (text)
HIGH

References
  • https://www.incibe.es/en/incibe-cert/notices/aviso/improper-access-control-linux-workbooth-distro

CVE-2024-9574

Mon, 07/10/2024 – 15:15

Type
CWE-89

Severity 2.0 (text)
Pending analysis

Description (en)
SQL injection vulnerability in SOPlanning

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
9.80

Severity 3.1 (text)
CRITICAL

References
  • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning