noviembre 2024 - Página 64 de 117

11 Nov 2024

CVE-2024-43439

Título es

CVE-2024-43439

Lun, 11/11/2024 – 16:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43439

Descripción en

A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.

11/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=2304268

https://moodle.org/mod/forum/discuss.php?d=461209

Enviar en el boletín

Off

11 Nov 2024

CVE-2024-45087

Título es

CVE-2024-45087

Lun, 11/11/2024 – 17:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-45087

Descripción en

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

11/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://www.ibm.com/support/pages/node/7175393

Enviar en el boletín

Off

11 Nov 2024

CVE-2024-11073

Título es

CVE-2024-11073

Lun, 11/11/2024 – 17:15

Tipo

CWE-266

Gravedad v2.0

4.00

Gravedad 2.0 Txt

MEDIUM

Título en

CVE-2024-11073

Descripción en

A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

11/11/2024

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Vector CVSS:2.0

AV:N/AC:L/Au:S/C:N/I:P/A:N

Gravedad 4.0

5.30

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)

4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://drive.google.com/file/d/1yFo0re8taTry7oR4-EDg3UHwO2lkqO9N/view?usp=sharing

https://github.com/Salah-Tayeh/CVEs-and-Vulnerabilities/blob/main/Hospital%20Management%20System%20-%20IDOR%20Causing%20Deletion%20of%20any%20patient%20account.md

https://vuldb.com/?ctiid_283869=

https://vuldb.com/?id_283869=

https://vuldb.com/?submit_440799=

https://www.sourcecodester.com/

Enviar en el boletín

Off

11 Nov 2024

CVE-2024-10917

Título es

CVE-2024-10917

Lun, 11/11/2024 – 17:15

Tipo

CWE-190

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-10917

Descripción en

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

11/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

3.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

LOW

Referencias

https://github.com/eclipse-openj9/openj9/pull/20362

https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0

https://gitlab.eclipse.org/security/cve-assignement/-/issues/47

Enviar en el boletín

Off

11 Nov 2024

CVE-2024-43437

Título es

CVE-2024-43437

Lun, 11/11/2024 – 13:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43437

Descripción en

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.

11/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=2304266

https://moodle.org/mod/forum/discuss.php?d=461207

Enviar en el boletín

Off

11 Nov 2024

CVE-2024-43435

Título es

CVE-2024-43435

Lun, 11/11/2024 – 13:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43435

Descripción en

A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.

11/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=2304263

https://moodle.org/mod/forum/discuss.php?d=461205

Enviar en el boletín

Off

11 Nov 2024

CVE-2024-43433

Título es

CVE-2024-43433

Lun, 11/11/2024 – 13:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43433

Descripción en

A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.

11/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=2304261

https://moodle.org/mod/forum/discuss.php?d=461202

Enviar en el boletín

Off

11 Nov 2024

CVE-2024-43432

Título es

CVE-2024-43432

Lun, 11/11/2024 – 13:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43432

Descripción en

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

11/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=2304260

https://moodle.org/mod/forum/discuss.php?d=461200

Enviar en el boletín

Off

11 Nov 2024

CVE-2024-34015

Título es

CVE-2024-34015

Lun, 11/11/2024 – 14:15

Tipo

CWE-61

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-34015

Descripción en

Sensitive information disclosure during file browsing due to improper soft link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818.

11/11/2024

Vector CVSS:3.1

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

3.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

LOW

Referencias

https://security-advisory.acronis.com/advisories/SEC-7601

Enviar en el boletín

Off

11 Nov 2024

CVE-2024-34014

Título es

CVE-2024-34014

Lun, 11/11/2024 – 14:15

Tipo

CWE-61

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-34014

Descripción en

Arbitrary file overwrite during recovery due to improper soft link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818, Acronis Backup extension for Plesk (Linux) before build 599, Acronis Backup plugin for DirectAdmin (Linux) before build 181.

11/11/2024

Vector CVSS:3.1

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://security-advisory.acronis.com/advisories/SEC-7592

Enviar en el boletín

Off

Archivos mensuales: noviembre 2024