CVE-2024-51298

CVE-2024-51298

Título es
CVE-2024-51298

Mié, 30/10/2024 – 14:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-51298

Descripción en
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.

30/10/2024
30/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

  • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf

    • Enviar en el boletín
    Off

    CVE-2024-51257

    CVE-2024-51257

    Título es
    CVE-2024-51257

    Mié, 30/10/2024 – 14:15

    Tipo
    CWE-77

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51257

    Descripción en
    DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.

    30/10/2024
    30/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf

    • Enviar en el boletín
    Off

    CVE-2024-50419

    CVE-2024-50419

    Título es
    CVE-2024-50419

    Mié, 30/10/2024 – 15:15

    Tipo
    CWE-863

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-50419

    Descripción en
    Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7.

    30/10/2024
    30/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/greenshift-animation-and-page-builder-blocks/wordpress-greenshift-animation-and-page-builder-blocks-plugin-9-7-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-50344

    CVE-2024-50344

    Título es
    CVE-2024-50344

    Mié, 30/10/2024 – 16:15

    Tipo
    CWE-80

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-50344

    Descripción en
    I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context. An attacker can exploit this vulnerability by uploading a supplementary file that contains a malicious code or script. This code will then be executed when the file is loaded in the browser. The vulnerability was fixed in version 5.11.2.

    30/10/2024
    30/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/mkucej/i-librarian-free/commit/a67d7949ffb02fd912ebdcf552df006b44066d78

  • https://github.com/mkucej/i-librarian-free/security/advisories/GHSA-c2rm-w62w-5xmj

    • Enviar en el boletín
    Off

    CVE-2024-9110

    CVE-2024-9110

    Título es
    CVE-2024-9110

    Mié, 30/10/2024 – 17:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9110

    Descripción en
    A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks.

    30/10/2024
    30/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.beyondtrust.com/trust-center/security-advisories/bt24-09

    • Enviar en el boletín
    Off

    CVE-2024-51258

    CVE-2024-51258

    Título es
    CVE-2024-51258

    Mié, 30/10/2024 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51258

    Descripción en
    DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.

    30/10/2024
    30/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf

    • Enviar en el boletín
    Off

    CVE-2024-51301

    CVE-2024-51301

    Título es
    CVE-2024-51301

    Mié, 30/10/2024 – 14:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51301

    Descripción en
    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.

    30/10/2024
    30/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf

    • Enviar en el boletín
    Off

    CVE-2024-51300

    CVE-2024-51300

    Título es
    CVE-2024-51300

    Mié, 30/10/2024 – 14:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51300

    Descripción en
    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.

    30/10/2024
    30/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf

    • Enviar en el boletín
    Off

    CVE-2024-51299

    CVE-2024-51299

    Título es
    CVE-2024-51299

    Mié, 30/10/2024 – 14:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51299

    Descripción en
    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.

    30/10/2024
    30/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf

    • Enviar en el boletín
    Off

    CVE-2024-51296

    CVE-2024-51296

    Título es
    CVE-2024-51296

    Mié, 30/10/2024 – 14:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51296

    Descripción en
    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.

    30/10/2024
    30/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf

    • Enviar en el boletín
    Off