CVE-2024-11063

CVE-2024-11063

Título es
CVE-2024-11063

Lun, 11/11/2024 – 08:15

Tipo
CWE-78

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-11063

Descripción en
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

11/11/2024
11/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
7.20

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://www.twcert.org.tw/en/cp-139-8229-3c2ab-2.html

  • https://www.twcert.org.tw/tw/cp-132-8222-eb5bb-1.html

    • Enviar en el boletín
    Off

    CVE-2024-11066

    CVE-2024-11066

    Título es
    CVE-2024-11066

    Lun, 11/11/2024 – 08:15

    Tipo
    CWE-78

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11066

    Descripción en
    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.

    11/11/2024
    11/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.twcert.org.tw/en/cp-139-8232-5d94e-2.html

  • https://www.twcert.org.tw/tw/cp-132-8225-3d882-1.html

    • Enviar en el boletín
    Off

    CVE-2024-11065

    CVE-2024-11065

    Título es
    CVE-2024-11065

    Lun, 11/11/2024 – 08:15

    Tipo
    CWE-78

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11065

    Descripción en
    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

    11/11/2024
    11/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.twcert.org.tw/en/cp-139-8231-2432e-2.html

  • https://www.twcert.org.tw/tw/cp-132-8224-d939e-1.html

    • Enviar en el boletín
    Off

    CVE-2024-11068

    CVE-2024-11068

    Título es
    CVE-2024-11068

    Lun, 11/11/2024 – 08:15

    Tipo
    CWE-648

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11068

    Descripción en
    The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

    11/11/2024
    11/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html

  • https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html

    • Enviar en el boletín
    Off

    CVE-2024-11067

    CVE-2024-11067

    Título es
    CVE-2024-11067

    Lun, 11/11/2024 – 08:15

    Tipo
    CWE-23

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11067

    Descripción en
    The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.

    11/11/2024
    11/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.twcert.org.tw/en/cp-139-8233-903d9-2.html

  • https://www.twcert.org.tw/tw/cp-132-8226-0b07b-1.html

    • Enviar en el boletín
    Off

    CVE-2024-52357

    CVE-2024-52357

    Título es
    CVE-2024-52357

    Lun, 11/11/2024 – 06:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52357

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LIQUID DESIGN Ltd. LIQUID BLOCKS allows Stored XSS.This issue affects LIQUID BLOCKS: from n/a through 1.2.0.

    11/11/2024
    11/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/liquid-blocks/wordpress-liquid-blocks-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-52356

    CVE-2024-52356

    Título es
    CVE-2024-52356

    Lun, 11/11/2024 – 06:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52356

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webangon The Pack Elementor addons allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through 2.1.0.

    11/11/2024
    11/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-11016

    CVE-2024-11016

    Título es
    CVE-2024-11016

    Lun, 11/11/2024 – 07:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11016

    Descripción en
    Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.

    11/11/2024
    11/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://www.twcert.org.tw/en/cp-139-8210-46322-2.html

  • https://www.twcert.org.tw/tw/cp-132-8209-bf75d-1.html

    • Enviar en el boletín
    Off

    CVE-2020-10369

    CVE-2020-10369

    Título es
    CVE-2020-10369

    Dom, 10/11/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2020-10369

    Descripción en
    Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack.

    11/11/2024
    11/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.redhat.com/show_bug.cgi?id=2052676

  • https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a

  • https://www.informatik.tu-darmstadt.de/fb20/aktuelles_fb20/fb20_neuigkeiten/neuigkeiten_fb20_details_203136.de.jsp

  • https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/jiska_classen/index.en.jsp

    • Enviar en el boletín
    Off

    CVE-2020-10368

    CVE-2020-10368

    Título es
    CVE-2020-10368

    Dom, 10/11/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2020-10368

    Descripción en
    Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack.

    11/11/2024
    11/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.redhat.com/show_bug.cgi?id=2052676

  • https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a

  • https://www.informatik.tu-darmstadt.de/fb20/aktuelles_fb20/fb20_neuigkeiten/neuigkeiten_fb20_details_203136.de.jsp

  • https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/jiska_classen/index.en.jsp

    • Enviar en el boletín
    Off