CVE-2018-9372

CVE-2018-9372

Título es
CVE-2018-9372

Mar, 19/11/2024 – 20:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2018-9372

Descripción en
In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for exploitation.

19/11/2024
19/11/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://source.android.com/security/bulletin/2018-06-01

    • Enviar en el boletín
    Off

    CVE-2024-11395

    CVE-2024-11395

    Título es
    CVE-2024-11395

    Mar, 19/11/2024 – 20:15

    Tipo
    CWE-843

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11395

    Descripción en
    Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    19/11/2024
    19/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html

  • https://issues.chromium.org/issues/377384894

    • Enviar en el boletín
    Off

    CVE-2024-45419

    CVE-2024-45419

    Título es
    CVE-2024-45419

    Mar, 19/11/2024 – 20:15

    Tipo
    CWE-252

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45419

    Descripción en
    Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.

    19/11/2024
    19/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.zoom.com/en/trust/security-bulletin/zsb-24041

    • Enviar en el boletín
    Off

    CVE-2024-37070

    CVE-2024-37070

    Título es
    CVE-2024-37070

    Mar, 19/11/2024 – 20:15

    Tipo
    CWE-359

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37070

    Descripción en
    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

    19/11/2024
    19/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.ibm.com/support/pages/node/7176346

    • Enviar en el boletín
    Off

    CVE-2024-1271

    CVE-2024-1271

    Título es
    CVE-2024-1271

    Mar, 19/11/2024 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-1271

    Descripción en
    Rejected reason: This CVE was previously published at https://bugzilla.redhat.com/show_bug.cgi?id=2262978 but later rejected for the following reason: The flaw requires an attacker to have superuser credentials which is a condition that already permits all impacts, hence not constituing a security vulnerability.

    19/11/2024
    19/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Enviar en el boletín
    Off

    CVE-2024-52359

    CVE-2024-52359

    Título es
    CVE-2024-52359

    Mar, 19/11/2024 – 20:15

    Tipo
    CWE-286

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52359

    Descripción en
    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls.

    19/11/2024
    19/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.ibm.com/support/pages/node/7176346

    • Enviar en el boletín
    Off

    CVE-2024-45422

    CVE-2024-45422

    Título es
    CVE-2024-45422

    Mar, 19/11/2024 – 20:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45422

    Descripción en
    Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.

    19/11/2024
    19/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.zoom.com/en/trust/security-bulletin/zsb-24044

    • Enviar en el boletín
    Off

    CVE-2024-45420

    CVE-2024-45420

    Título es
    CVE-2024-45420

    Mar, 19/11/2024 – 20:15

    Tipo
    CWE-400

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45420

    Descripción en
    Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.

    19/11/2024
    19/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.zoom.com/en/trust/security-bulletin/zsb-24042

    • Enviar en el boletín
    Off

    CVE-2024-52360

    CVE-2024-52360

    Título es
    CVE-2024-52360

    Mar, 19/11/2024 – 20:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52360

    Descripción en
    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

    19/11/2024
    19/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.ibm.com/support/pages/node/7176346

    • Enviar en el boletín
    Off

    CVE-2024-10524

    CVE-2024-10524

    Título es
    CVE-2024-10524

    Mar, 19/11/2024 – 15:15

    Tipo
    CWE-918

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-10524

    Descripción en
    Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.

    19/11/2024
    19/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778

  • CVE-2024-10524 Wget Zero Day Vulnerability



  • https://seclists.org/oss-sec/2024/q4/107

    • Enviar en el boletín
    Off