CVE-2024-22067

CVE-2024-22067

Título es
CVE-2024-22067

Lun, 18/11/2024 – 07:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-22067

Descripción en
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.

18/11/2024
18/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
6.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6179526095692935173

    • Enviar en el boletín
    Off

    CVE-2024-52920

    CVE-2024-52920

    Título es
    CVE-2024-52920

    Lun, 18/11/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52920

    Descripción en
    Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/

  • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

    • Enviar en el boletín
    Off

    CVE-2024-52919

    CVE-2024-52919

    Título es
    CVE-2024-52919

    Lun, 18/11/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52919

    Descripción en
    Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/

  • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

    • Enviar en el boletín
    Off

    CVE-2024-52918

    CVE-2024-52918

    Título es
    CVE-2024-52918

    Lun, 18/11/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52918

    Descripción en
    Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash/

  • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

    • Enviar en el boletín
    Off

    CVE-2024-52917

    CVE-2024-52917

    Título es
    CVE-2024-52917

    Lun, 18/11/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52917

    Descripción en
    Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/

  • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

    • Enviar en el boletín
    Off

    CVE-2024-52916

    CVE-2024-52916

    Título es
    CVE-2024-52916

    Lun, 18/11/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52916

    Descripción en
    Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bitcoincore.org/en/2024/07/03/disclose-header-spam/

  • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

    • Enviar en el boletín
    Off

    CVE-2024-52926

    CVE-2024-52926

    Título es
    CVE-2024-52926

    Lun, 18/11/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52926

    Descripción en
    Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.

    18/11/2024
    18/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.2-combined.htm

    • Enviar en el boletín
    Off

    CVE-2024-52922

    CVE-2024-52922

    Título es
    CVE-2024-52922

    Lun, 18/11/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52922

    Descripción en
    In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bitcoincore.org/en/2024/11/05/cb-stall-hindering-propagation/

  • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

    • Enviar en el boletín
    Off

    CVE-2024-52921

    CVE-2024-52921

    Título es
    CVE-2024-52921

    Lun, 18/11/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52921

    Descripción en
    In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation/

  • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

    • Enviar en el boletín
    Off

    CVE-2024-43704

    CVE-2024-43704

    Título es
    CVE-2024-43704

    Lun, 18/11/2024 – 05:15

    Tipo
    CWE-668

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43704

    Descripción en
    Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.

    18/11/2024
    18/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.imaginationtech.com/gpu-driver-vulnerabilities/

    • Enviar en el boletín
    Off