CVE-2024-45086

CVE-2024-45086

Título es
CVE-2024-45086

Lun, 04/11/2024 – 20:15

Tipo
CWE-611

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-45086

Descripción en
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.

04/11/2024
04/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
5.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://www.ibm.com/support/pages/node/7174745

    • Enviar en el boletín
    Off

    CVE-2024-34891

    CVE-2024-34891

    Título es
    CVE-2024-34891

    Lun, 04/11/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34891

    Descripción en
    Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.

    04/11/2024
    04/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • http://bitrix24.com

  • https://github.com/DrieVlad/BitrixVulns

    • Enviar en el boletín
    Off

    CVE-2024-34885

    CVE-2024-34885

    Título es
    CVE-2024-34885

    Lun, 04/11/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34885

    Descripción en
    Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.

    04/11/2024
    04/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • http://bitrix24.com

  • https://github.com/DrieVlad/BitrixVulns

    • Enviar en el boletín
    Off

    CVE-2024-30619

    CVE-2024-30619

    Título es
    CVE-2024-30619

    Lun, 04/11/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-30619

    Descripción en
    Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" AND "/main/inc/ajax/online.ajax.php?a=get_users_online."

    04/11/2024
    04/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30619

  • https://github.com/chamilo/chamilo-lms/commit/bef68ffe0552cd25b0ef760e582e1188f0f6bf4b

    • Enviar en el boletín
    Off

    CVE-2024-30618

    CVE-2024-30618

    Título es
    CVE-2024-30618

    Lun, 04/11/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-30618

    Descripción en
    A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.

    04/11/2024
    04/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30618

  • https://github.com/chamilo/chamilo-lms/commit/3b98682199049ebfb170ace16ada9a7c8e9a6622

    • Enviar en el boletín
    Off

    CVE-2024-30617

    CVE-2024-30617

    Título es
    CVE-2024-30617

    Lun, 04/11/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-30617

    Descripción en
    A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.

    04/11/2024
    04/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30617

  • https://github.com/chamilo/chamilo-lms/commit/7a0e10cccc92eadae9403925f995b0a8d2d1305e

    • Enviar en el boletín
    Off

    CVE-2024-30616

    CVE-2024-30616

    Título es
    CVE-2024-30616

    Lun, 04/11/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-30616

    Descripción en
    Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity.

    04/11/2024
    04/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30616

  • https://github.com/chamilo/chamilo-lms/commit/a1a1e4df70dc65ae4fc7857135f4d3ee185548e7

    • Enviar en el boletín
    Off

    CVE-2024-51682

    CVE-2024-51682

    Título es
    CVE-2024-51682

    Lun, 04/11/2024 – 15:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51682

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor allows Stored XSS.This issue affects HT Builder – WordPress Theme Builder for Elementor: from n/a through 1.3.0.

    04/11/2024
    04/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/ht-builder/wordpress-ht-builder-wordpress-theme-builder-for-elementor-plugin-1-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-51681

    CVE-2024-51681

    Título es
    CVE-2024-51681

    Lun, 04/11/2024 – 15:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51681

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Stored XSS.This issue affects WP Pocket URLs: from n/a through 1.0.3.

    04/11/2024
    04/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/wp-pocket-urls/wordpress-wp-pocket-urls-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-51680

    CVE-2024-51680

    Título es
    CVE-2024-51680

    Lun, 04/11/2024 – 15:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51680

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CrestaProject – Rizzo Andrea Cresta Addons for Elementor allows Stored XSS.This issue affects Cresta Addons for Elementor: from n/a through 1.0.9.

    04/11/2024
    04/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/cresta-addons-for-elementor/wordpress-cresta-addons-for-elementor-plugin-1-0-9-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off