CVE-2024-49268

CVE-2024-49268

Título es
CVE-2024-49268

Mié, 16/10/2024 – 15:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-49268

Descripción en
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sunburntkamel disconnected allows Reflected XSS.This issue affects disconnected: from n/a through 1.3.0.

16/10/2024
16/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://patchstack.com/database/vulnerability/disconnected/wordpress-disconnected-theme-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-49267

    CVE-2024-49267

    Título es
    CVE-2024-49267

    Mié, 16/10/2024 – 15:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-49267

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in nayon46 Unlimited Addon For Elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through 2.0.0.

    16/10/2024
    16/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/unlimited-addon-for-elementor/wordpress-unlimited-addon-for-elementor-plugin-2-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-49266

    CVE-2024-49266

    Título es
    CVE-2024-49266

    Mié, 16/10/2024 – 15:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-49266

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thimo Grauerholz WP-Spreadplugin allows Stored XSS.This issue affects WP-Spreadplugin: from n/a through 4.8.9.

    16/10/2024
    16/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/wp-spreadplugin/wordpress-wp-spreadplugin-plugin-4-8-9-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-9348

    CVE-2024-9348

    Título es
    CVE-2024-9348

    Mié, 16/10/2024 – 15:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9348

    Descripción en
    Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.

    16/10/2024
    16/10/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    8.90

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://docs.docker.com/desktop/release-notes/#4343

    • Enviar en el boletín
    Off

    CVE-2024-29155

    CVE-2024-29155

    Título es
    CVE-2024-29155

    Mié, 16/10/2024 – 16:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-29155

    Descripción en
    On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is
    received, the device becomes incapable of completing the pairing
    process. A third party can inject a second PairReqNoInputNoOutput request
    just after a real one, causing the pair request to be blocked.

    16/10/2024
    16/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://ww1.microchip.com/downloads/aemDocuments/documents/WSG/ProductDocuments/SoftwareLibraries/Firmware/RN4870-71-Firmware-1.44.zip

  • https://www.microchip.com/en-us/product/rn4870

    • Enviar en el boletín
    Off

    CVE-2024-49265

    CVE-2024-49265

    Título es
    CVE-2024-49265

    Mié, 16/10/2024 – 16:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-49265

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affects Booking.Com Banner Creator: from n/a through 1.4.6.

    16/10/2024
    16/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/bookingcom-banner-creator/wordpress-booking-com-banner-creator-plugin-1-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2023-32194

    CVE-2023-32194

    Título es
    CVE-2023-32194

    Mié, 16/10/2024 – 13:15

    Tipo
    CWE-269

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-32194

    Descripción en
    A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive *
    permissions for core namespaces. This can lead to someone being capable
    of accessing, creating, updating, or deleting a namespace in the
    project.

    16/10/2024
    16/10/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Gravedad 4.0
    8.60

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32194

  • https://github.com/rancher/rancher/security/advisories/GHSA-c85r-fwc7-45vc

    • Enviar en el boletín
    Off

    CVE-2023-32193

    CVE-2023-32193

    Título es
    CVE-2023-32193

    Mié, 16/10/2024 – 13:15

    Tipo
    CWE-80

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-32193

    Descripción en
    A vulnerability has been identified in which unauthenticated cross-site
    scripting (XSS) in Norman's public API endpoint can be exploited. This
    can lead to an attacker exploiting the vulnerability to trigger
    JavaScript code and execute commands remotely.

    16/10/2024
    16/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193

  • https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6

    • Enviar en el boletín
    Off

    CVE-2023-32192

    CVE-2023-32192

    Título es
    CVE-2023-32192

    Mié, 16/10/2024 – 13:15

    Tipo
    CWE-80

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-32192

    Descripción en
    A vulnerability has been identified in which unauthenticated cross-site
    scripting (XSS) in the API Server's public API endpoint can be
    exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser

    16/10/2024
    16/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32192

  • https://github.com/rancher/apiserver/security/advisories/GHSA-833m-37f7-jq55

    • Enviar en el boletín
    Off

    CVE-2024-48042

    CVE-2024-48042

    Título es
    CVE-2024-48042

    Mié, 16/10/2024 – 13:15

    Tipo
    CWE-1336

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-48042

    Descripción en
    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.

    16/10/2024
    16/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-28-remote-code-execution-rce-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off