CVE-2024-8148

CVE-2024-8148

Título es
CVE-2024-8148

Vie, 04/10/2024 – 18:15

Tipo
CWE-601

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-8148

Descripción en
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 10.8.1 – 11.2 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

04/10/2024
04/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
6.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/

    • Enviar en el boletín
    Off

    CVE-2024-47211

    CVE-2024-47211

    Título es
    CVE-2024-47211

    Vie, 04/10/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47211

    Descripción en
    In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.

    04/10/2024
    04/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/openstack/ironic/compare/24.1.2…26.1.0

  • https://github.com/openstack/ironic/security

  • https://github.com/openstack/ironic/tags

  • https://security.openstack.org/ossa/OSSA-2024-004.html

    • Enviar en el boletín
    Off

    CVE-2024-44439

    CVE-2024-44439

    Título es
    CVE-2024-44439

    Vie, 04/10/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44439

    Descripción en
    An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port.

    04/10/2024
    04/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://smiling-lemonade-122.notion.site/f7da442e0f8a40fc846eea495dcdd329

  • https://www.notion.so/f7da442e0f8a40fc846eea495dcdd329?pvs=4

    • Enviar en el boletín
    Off

    CVE-2024-41516

    CVE-2024-41516

    Título es
    CVE-2024-41516

    Vie, 04/10/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41516

    Descripción en
    A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick

    04/10/2024
    04/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • Startseite



  • http://kimweb.de/

  • https://piuswalter.de/blog/multiple-critical-vulnerabilities-in-cadclick/

    • Enviar en el boletín
    Off

    CVE-2024-41515

    CVE-2024-41515

    Título es
    CVE-2024-41515

    Vie, 04/10/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41515

    Descripción en
    A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick

    04/10/2024
    04/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • Startseite



  • http://kimweb.de/

  • https://piuswalter.de/blog/multiple-critical-vulnerabilities-in-cadclick/

    • Enviar en el boletín
    Off

    CVE-2023-26771

    CVE-2023-26771

    Título es
    CVE-2023-26771

    Vie, 04/10/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-26771

    Descripción en
    Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file.

    04/10/2024
    04/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory

  • https://github.com/JordanKnott/taskcafe

    • Enviar en el boletín
    Off

    CVE-2023-26770

    CVE-2023-26770

    Título es
    CVE-2023-26770

    Vie, 04/10/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-26770

    Descripción en
    TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.

    04/10/2024
    04/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory

  • https://github.com/JordanKnott/taskcafe

    • Enviar en el boletín
    Off

    CVE-2024-46078

    CVE-2024-46078

    Título es
    CVE-2024-46078

    Vie, 04/10/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46078

    Descripción en
    itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id.

    04/10/2024
    04/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/n00bS3cLe4rner/CVE-s/blob/main/CVE-2024-46078.md

    • Enviar en el boletín
    Off

    CVE-2024-46077

    CVE-2024-46077

    Título es
    CVE-2024-46077

    Vie, 04/10/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46077

    Descripción en
    itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php.

    04/10/2024
    04/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/n00bS3cLe4rner/CVE-s/blob/main/CVE-2024-46077.md

  • https://packetstormsecurity.com

    • Enviar en el boletín
    Off

    CVE-2024-9514

    CVE-2024-9514

    Título es
    CVE-2024-9514

    Vie, 04/10/2024 – 14:15

    Tipo
    CWE-120

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-9514

    Descripción en
    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    04/10/2024
    04/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/noahze01/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetDomainFilter.md

  • https://vuldb.com/?ctiid_279214=

  • https://vuldb.com/?id_279214=

  • https://vuldb.com/?submit_413874=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off