CVE-2024-48208

CVE-2024-48208

Título es
CVE-2024-48208

Jue, 24/10/2024 – 21:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-48208

Descripción en
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.

24/10/2024
24/10/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://github.com/jedisct1/pure-ftpd/pull/176

    • Enviar en el boletín
    Off

    CVE-2024-7763

    CVE-2024-7763

    Título es
    CVE-2024-7763

    Jue, 24/10/2024 – 21:15

    Tipo
    CWE-287

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7763

    Descripción en
    In WhatsUp Gold versions released before 2024.0.0, 

    an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.

    24/10/2024
    24/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024

  • https://www.progress.com/network-monitoring

    • Enviar en el boletín
    Off

    CVE-2024-9692

    CVE-2024-9692

    Título es
    CVE-2024-9692

    Jue, 24/10/2024 – 17:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9692

    Descripción en
    VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations.

    24/10/2024
    24/10/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-01

    • Enviar en el boletín
    Off

    CVE-2024-10313

    CVE-2024-10313

    Título es
    CVE-2024-10313

    Jue, 24/10/2024 – 18:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-10313

    Descripción en
    iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal
    vulnerability. When the software loads a malicious ‘ems' project
    template file constructed by an attacker, it can write files to
    arbitrary directories. This can lead to overwriting system files,
    causing system paralysis, or writing to startup items, resulting in
    remote control.

    24/10/2024
    24/10/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

    Gravedad 4.0
    8.60

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-02

    • Enviar en el boletín
    Off

    CVE-2024-10338

    CVE-2024-10338

    Título es
    CVE-2024-10338

    Jue, 24/10/2024 – 18:15

    Tipo
    CWE-89

    Gravedad v2.0
    5.80

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-10338

    Descripción en
    A vulnerability classified as critical was found in SourceCodeHero Clothes Recommendation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/home.php. The manipulation of the argument view/view1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    24/10/2024
    24/10/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:P/I:P/A:P

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://vuldb.com/?ctiid_281683=

  • https://vuldb.com/?id_281683=

  • https://vuldb.com/?submit_427447=

    • Enviar en el boletín
    Off

    CVE-2024-10337

    CVE-2024-10337

    Título es
    CVE-2024-10337

    Jue, 24/10/2024 – 18:15

    Tipo
    CWE-89

    Gravedad v2.0
    5.80

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-10337

    Descripción en
    A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Affected is an unknown function of the file /admin/home.php?con=add. The manipulation of the argument cat/subcat/ t1/t2/text leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    24/10/2024
    24/10/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:P/I:P/A:P

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://vuldb.com/?ctiid_281682=

  • https://vuldb.com/?id_281682=

  • https://vuldb.com/?submit_427443=

    • Enviar en el boletín
    Off

    CVE-2024-38314

    CVE-2024-38314

    Título es
    CVE-2024-38314

    Jue, 24/10/2024 – 18:15

    Tipo
    CWE-321

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-38314

    Descripción en
    IBM Maximo Application Suite – Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.

    24/10/2024
    24/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.ibm.com/support/pages/node/7173988

    • Enviar en el boletín
    Off

    CVE-2024-46478

    CVE-2024-46478

    Título es
    CVE-2024-46478

    Jue, 24/10/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46478

    Descripción en
    HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.

    24/10/2024
    24/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/michaelrsweet/htmldoc/commit/683bec548e642cf4a17e003fb34f6bbaf2d27b98

  • https://github.com/michaelrsweet/htmldoc/issues/529

    • Enviar en el boletín
    Off

    CVE-2024-48442

    CVE-2024-48442

    Título es
    CVE-2024-48442

    Jue, 24/10/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-48442

    Descripción en
    Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication.

    24/10/2024
    24/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://medium.com/%40sengkyaut/unauthenticated-factory-mode-reset-and-at-command-injection-in-jboneos-or-jbonecloud-firmware-1dec156b7ddd

    • Enviar en el boletín
    Off

    CVE-2024-48441

    CVE-2024-48441

    Título es
    CVE-2024-48441

    Jue, 24/10/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-48441

    Descripción en
    Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp.

    24/10/2024
    24/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://medium.com/%40sengkyaut/unauthenticated-factory-mode-reset-and-at-command-injection-in-jboneos-or-jbonecloud-firmware-1dec156b7ddd

    • Enviar en el boletín
    Off