CVE-2020-26066

CVE-2020-26066

Título es
CVE-2020-26066

Lun, 18/11/2024 – 17:15

Tipo
CWE-611

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2020-26066

Descripción en
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.
The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

18/11/2024
18/11/2024
Vector CVSS:3.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD

    • Enviar en el boletín
    Off

    CVE-2024-10390

    CVE-2024-10390

    Título es
    CVE-2024-10390

    Lun, 18/11/2024 – 17:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-10390

    Descripción en
    The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    18/11/2024
    18/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://codecanyon.net/item/elfsight-telegram-chat/25288599

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/07244763-3482-4cfb-8ae4-d19f312011aa?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-47873

    CVE-2024-47873

    Título es
    CVE-2024-47873

    Lun, 18/11/2024 – 17:15

    Tipo
    CWE-611

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47873

    Descripción en
    PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue.

    18/11/2024
    18/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/PHPOffice/PhpSpreadsheet/blob/39fc51309181e82593b06e2fa8e45ef8333a0335/src/PhpSpreadsheet/Reader/Security/XmlScanner.php

  • https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-jw4x-v69f-hh5w

  • https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing

  • https://www.w3.org/TR/xml/#sec-guessing-no-ext-info

    • Enviar en el boletín
    Off

    CVE-2024-47820

    CVE-2024-47820

    Título es
    CVE-2024-47820

    Lun, 18/11/2024 – 17:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47820

    Descripción en
    MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.

    18/11/2024
    18/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/MarkUsProject/Markus/pull/7026

  • https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8

    • Enviar en el boletín
    Off

    CVE-2024-47533

    CVE-2024-47533

    Título es
    CVE-2024-47533

    Lun, 18/11/2024 – 17:15

    Tipo
    CWE-287

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47533

    Descripción en
    Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.

    18/11/2024
    18/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0

  • https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda

  • https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h

    • Enviar en el boletín
    Off

    CVE-2024-44757

    CVE-2024-44757

    Título es
    CVE-2024-44757

    Lun, 18/11/2024 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44757

    Descripción en
    An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44757.md

  • https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-filedown-Basics.md

    • Enviar en el boletín
    Off

    CVE-2024-44756

    CVE-2024-44756

    Título es
    CVE-2024-44756

    Lun, 18/11/2024 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44756

    Descripción en
    NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44756.md

  • https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-sqli.md

    • Enviar en el boletín
    Off

    CVE-2024-43416

    CVE-2024-43416

    Título es
    CVE-2024-43416

    Lun, 18/11/2024 – 17:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43416

    Descripción en
    GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue.

    18/11/2024
    18/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/glpi-project/glpi/commit/9be1466053f829680db318f7e7e5880d2d789c6d

  • https://github.com/glpi-project/glpi/security/advisories/GHSA-j8gc-xpgr-2ww7

    • Enviar en el boletín
    Off

    CVE-2020-26071

    CVE-2020-26071

    Título es
    CVE-2020-26071

    Lun, 18/11/2024 – 16:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2020-26071

    Descripción es
    Una vulnerabilidad en la CLI del software Cisco SD-WAN podría permitir que un atacante local autenticado cree o sobrescriba archivos arbitrarios en un dispositivo afectado, lo que podría generar una condición de denegación de servicio (DoS). La vulnerabilidad se debe a una validación de entrada insuficiente para comandos específicos. Un atacante podría aprovechar esta vulnerabilidad al incluir argumentos manipulados para esos comandos específicos. Una explotación exitosa podría permitir que el atacante cree o sobrescriba archivos arbitrarios en el dispositivo afectado, lo que podría generar una condición de denegación de servicio (DoS). Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad.

    Descripción en
    A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition.
    The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    18/11/2024
    18/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns

    • Enviar en el boletín
    Off

    CVE-2020-26063

    CVE-2020-26063

    Título es
    CVE-2020-26063

    Lun, 18/11/2024 – 16:15

    Tipo
    CWE-269

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2020-26063

    Descripción es
    Una vulnerabilidad en los puntos finales de API de Cisco Integrated Management Controller podría permitir que un atacante remoto autenticado omita la autorización y realice acciones en un sistema vulnerable sin autorización. La vulnerabilidad se debe a comprobaciones de autorización incorrectas en los endpoints de API. Un atacante podría aprovechar esta vulnerabilidad enviando solicitudes maliciosas a un endpoint de API. Una vulnerabilidad podría permitir al atacante descargar archivos o modificar opciones de configuración limitadas en el sistema afectado. No existen workarounds que aborden esta vulnerabilidad.

    Descripción en
    A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization.
    The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability.

    18/11/2024
    18/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3

    • Enviar en el boletín
    Off