CVE-2024-9566

CVE-2024-9566

Título es
CVE-2024-9566

Lun, 07/10/2024 – 13:15

Tipo
CWE-120

Gravedad v2.0
9.00

Gravedad 2.0 Txt
HIGH

Título en

CVE-2024-9566

Descripción en
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

07/10/2024
07/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Gravedad 3.1 (CVSS 3.1 Base Score)
8.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formDeviceReboot.md

  • https://vuldb.com/?ctiid_279460=

  • https://vuldb.com/?id_279460=

  • https://vuldb.com/?submit_414541=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-47344

    CVE-2024-47344

    Título es
    CVE-2024-47344

    Lun, 07/10/2024 – 06:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47344

    Descripción en
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5.

    07/10/2024
    07/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-1-5-sensitive-data-exposure-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-47335

    CVE-2024-47335

    Título es
    CVE-2024-47335

    Lun, 07/10/2024 – 06:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47335

    Descripción en
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11.

    07/10/2024
    07/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/vulnerability/bit-form/wordpress-bit-form-plugin-2-13-11-sql-injection-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-20094

    CVE-2024-20094

    Título es
    CVE-2024-20094

    Lun, 07/10/2024 – 03:15

    Tipo
    CWE-617

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20094

    Descripción en
    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535.

    07/10/2024
    07/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off

    CVE-2024-20096

    CVE-2024-20096

    Título es
    CVE-2024-20096

    Lun, 07/10/2024 – 03:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20096

    Descripción en
    In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635.

    07/10/2024
    07/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off

    CVE-2024-20095

    CVE-2024-20095

    Título es
    CVE-2024-20095

    Lun, 07/10/2024 – 03:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20095

    Descripción en
    In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636.

    07/10/2024
    07/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off

    CVE-2024-20103

    CVE-2024-20103

    Título es
    CVE-2024-20103

    Lun, 07/10/2024 – 03:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20103

    Descripción en
    In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599.

    07/10/2024
    07/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off

    CVE-2024-20102

    CVE-2024-20102

    Título es
    CVE-2024-20102

    Lun, 07/10/2024 – 03:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20102

    Descripción en
    In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601.

    07/10/2024
    07/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off

    CVE-2024-20101

    CVE-2024-20101

    Título es
    CVE-2024-20101

    Lun, 07/10/2024 – 03:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20101

    Descripción en
    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.

    07/10/2024
    07/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off

    CVE-2024-20100

    CVE-2024-20100

    Título es
    CVE-2024-20100

    Lun, 07/10/2024 – 03:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20100

    Descripción en
    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.

    07/10/2024
    07/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off