noviembre 2024 - Página 33 de 117

15 Nov 2024

CVE-2017-13313

Título es

CVE-2017-13313

Vie, 15/11/2024 – 22:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2017-13313

Descripción en

In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

15/11/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://source.android.com/security/bulletin/2018-05-01

Enviar en el boletín

Off

15 Nov 2024

CVE-2024-50983

Título es

CVE-2024-50983

Vie, 15/11/2024 – 22:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-50983

Descripción en

FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or Create/Edit Student User sections.

15/11/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/redhotchilihacker1/CVE-Hunting/blob/master/CVE-2024-50983/README.md

https://github.com/swampopus/flightpath/blob/e713acf9f125af22cc68c2f5664c2869cd73616b/flightpath/CHANGELOG.txt#L4

Enviar en el boletín

Off

15 Nov 2024

CVE-2024-38370

Título es

CVE-2024-38370

Vie, 15/11/2024 – 22:15

Tipo

CWE-285

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-38370

Descripción en

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16.

15/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/glpi-project/glpi/security/advisories/GHSA-xrm2-m72w-w4x4

Enviar en el boletín

Off

15 Nov 2024

CVE-2024-9500

Título es

CVE-2024-9500

Vie, 15/11/2024 – 22:15

Tipo

CWE-269

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-9500

Descripción en

A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.

15/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

7.20

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0023

Enviar en el boletín

Off

15 Nov 2024

CVE-2024-51765

Título es

CVE-2024-51765

Vie, 15/11/2024 – 22:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-51765

Descripción en

A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.

15/11/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04748en_us&docLocale=en_US

Enviar en el boletín

Off

15 Nov 2024

CVE-2024-51764

Título es

CVE-2024-51764

Vie, 15/11/2024 – 22:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-51764

Descripción en

A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.

15/11/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04747en_us&docLocale=en_US

Enviar en el boletín

Off

15 Nov 2024

CVE-2024-11263

Título es

CVE-2024-11263

Vie, 15/11/2024 – 23:15

Tipo

CWE-270

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-11263

Descripción en

When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.

16/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7×72-pqm9

Enviar en el boletín

Off

15 Nov 2024

CVE-2024-11262

Título es

CVE-2024-11262

Vie, 15/11/2024 – 23:15

Tipo

CWE-119

Gravedad v2.0

4.30

Gravedad 2.0 Txt

MEDIUM

Título en

CVE-2024-11262

Descripción en

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. Affected by this vulnerability is the function main of the component View All Student Marks. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

16/11/2024

Vector CVSS:4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0

AV:L/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0

4.80

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/Hacker0xone/CVE/issues/13

https://vuldb.com/?ctiid_284719=

https://vuldb.com/?id_284719=

https://vuldb.com/?submit_443950=

https://www.sourcecodester.com/

Enviar en el boletín

Off

15 Nov 2024

CVE-2024-3334

Título es

CVE-2024-3334

Vie, 15/11/2024 – 20:15

Tipo

CWE-922

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-3334

Descripción en

A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device thereby compromising the confidentiality of the stored data.

15/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://support.fortra.com/endpoint-dlp/kb-articles/dg-support-notice-security-bypass-vulnerability-with-rme-MTQwYTM5NTctZDk4Ny1lZjExLWFjMjEtNjA0NWJkMDFhMzQ3

https://www.fortra.com/security/advisories/product-security/fi-2024-013

Enviar en el boletín

Off

15 Nov 2024

CVE-2024-24459

Título es

CVE-2024-24459

Vie, 15/11/2024 – 20:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-24459

Descripción en

An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

15/11/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

http://athonet.com

https://cellularsecurity.org/ransacked

Enviar en el boletín

Off

Archivos mensuales: noviembre 2024