CVE-2024-50955

CVE-2024-50955

Título es
CVE-2024-50955

Mié, 13/11/2024 – 22:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-50955

Descripción en
An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.

13/11/2024
13/11/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://github.com/Curator-Kim/Vulnerability-mining/blob/master/XINJE%20XD5E-24R%20XL5E-16T%20TCP%20DoS/XINJE%20XD5E-24R%20XL5E-16T%20TCP%20DoS.md

    • Enviar en el boletín
    Off

    CVE-2024-40407

    CVE-2024-40407

    Título es
    CVE-2024-40407

    Mié, 13/11/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40407

    Descripción en
    A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors.

    14/11/2024
    14/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • Thinfinity® Workspace Security Bulletin


    • Enviar en el boletín
    Off

    CVE-2024-40405

    CVE-2024-40405

    Título es
    CVE-2024-40405

    Mié, 13/11/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40405

    Descripción en
    Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request.

    14/11/2024
    14/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • Thinfinity® Workspace Security Bulletin


    • Enviar en el boletín
    Off

    CVE-2024-40404

    CVE-2024-40404

    Título es
    CVE-2024-40404

    Mié, 13/11/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40404

    Descripción en
    Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established.

    14/11/2024
    14/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • Thinfinity® Workspace Security Bulletin


    • Enviar en el boletín
    Off

    CVE-2024-40410

    CVE-2024-40410

    Título es
    CVE-2024-40410

    Mié, 13/11/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40410

    Descripción en
    Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption.

    14/11/2024
    14/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • Thinfinity® Workspace Security Bulletin


    • Enviar en el boletín
    Off

    CVE-2024-40408

    CVE-2024-40408

    Título es
    CVE-2024-40408

    Mié, 13/11/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40408

    Descripción en
    Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges.

    14/11/2024
    14/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • Thinfinity® Workspace Security Bulletin


    • Enviar en el boletín
    Off

    CVE-2024-43093

    CVE-2024-43093

    Título es
    CVE-2024-43093

    Mié, 13/11/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43093

    Descripción en
    In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

    13/11/2024
    13/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed

  • https://source.android.com/security/bulletin/2024-11-01

    • Enviar en el boletín
    Off

    CVE-2024-43091

    CVE-2024-43091

    Título es
    CVE-2024-43091

    Mié, 13/11/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43091

    Descripción en
    In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

    13/11/2024
    13/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10

  • https://source.android.com/security/bulletin/2024-11-01

    • Enviar en el boletín
    Off

    CVE-2024-43089

    CVE-2024-43089

    Título es
    CVE-2024-43089

    Mié, 13/11/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43089

    Descripción en
    In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    13/11/2024
    13/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://android.googlesource.com/platform/packages/providers/MediaProvider/+/33ff6a663eea1fcdd2b422b98722c1dee48a7f6a

  • https://source.android.com/security/bulletin/2024-11-01

    • Enviar en el boletín
    Off

    CVE-2024-43088

    CVE-2024-43088

    Título es
    CVE-2024-43088

    Mié, 13/11/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43088

    Descripción en
    In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.

    13/11/2024
    13/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001

  • https://source.android.com/security/bulletin/2024-11-01

    • Enviar en el boletín
    Off