CVE-2024-46956

CVE-2024-46956

Título es
CVE-2024-46956

Dom, 10/11/2024 – 22:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-46956

Descripción en
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

10/11/2024
10/11/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://bugs.ghostscript.com/show_bug.cgi?id=707895

  • https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca

  • https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html

  • https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/

    • Enviar en el boletín
    Off

    CVE-2024-46955

    CVE-2024-46955

    Título es
    CVE-2024-46955

    Dom, 10/11/2024 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46955

    Descripción en
    An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.

    10/11/2024
    10/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugs.ghostscript.com/show_bug.cgi?id=707990

  • https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6

  • https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html

  • https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/

    • Enviar en el boletín
    Off

    CVE-2024-46954

    CVE-2024-46954

    Título es
    CVE-2024-46954

    Dom, 10/11/2024 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46954

    Descripción en
    An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.

    10/11/2024
    10/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugs.ghostscript.com/show_bug.cgi?id=707788

  • https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934

  • https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html

    • Enviar en el boletín
    Off

    CVE-2024-46953

    CVE-2024-46953

    Título es
    CVE-2024-46953

    Dom, 10/11/2024 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46953

    Descripción en
    An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

    10/11/2024
    10/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugs.ghostscript.com/show_bug.cgi?id=707793

  • https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00

  • https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html

  • https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/

    • Enviar en el boletín
    Off

    CVE-2024-46952

    CVE-2024-46952

    Título es
    CVE-2024-46952

    Dom, 10/11/2024 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46952

    Descripción en
    An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).

    10/11/2024
    10/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugs.ghostscript.com/show_bug.cgi?id=708001

  • https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f

  • https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html

    • Enviar en el boletín
    Off

    CVE-2024-11058

    CVE-2024-11058

    Título es
    CVE-2024-11058

    Dom, 10/11/2024 – 23:15

    Tipo
    CWE-74

    Gravedad v2.0
    5.80

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-11058

    Descripción en
    A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    11/11/2024
    11/11/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:P/I:P/A:P

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://codeastro.com/

  • https://github.com/EmilGallajov/zero-day/blob/main/codeastro_real_estate_ms_sqli.md

  • https://vuldb.com/?ctiid_283804=

  • https://vuldb.com/?id_283804=

  • https://vuldb.com/?submit_439683=

    • Enviar en el boletín
    Off

    CVE-2021-41737

    CVE-2021-41737

    Título es
    CVE-2021-41737

    Dom, 10/11/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2021-41737

    Descripción en
    In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route(3333333333333333333,2,1,2,3,1) : *;" leads to stack consumption.

    11/11/2024
    11/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/grame-cncm/faust/issues/653

  • https://github.com/grame-cncm/faust/tree/e682dbeeb7cc0ec9a1fcb6872f53433e454aa233

    • Enviar en el boletín
    Off

    CVE-2021-35473

    CVE-2021-35473

    Título es
    CVE-2021-35473

    Dom, 10/11/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2021-35473

    Descripción en
    An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4.

    11/11/2024
    11/11/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549

  • https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags

    • Enviar en el boletín
    Off

    CVE-2024-11057

    CVE-2024-11057

    Título es
    CVE-2024-11057

    Dom, 10/11/2024 – 18:15

    Tipo
    CWE-74

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-11057

    Descripción en
    A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /removeBranchResult.php. The manipulation of the argument ID/Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    10/11/2024
    10/11/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/Hacker0xone/CVE/issues/4

  • https://vuldb.com/?ctiid_283801=

  • https://vuldb.com/?id_283801=

  • https://vuldb.com/?submit_439363=

    • Enviar en el boletín
    Off

    CVE-2024-11055

    CVE-2024-11055

    Título es
    CVE-2024-11055

    Dom, 10/11/2024 – 15:15

    Tipo
    CWE-74

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-11055

    Descripción en
    A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    10/11/2024
    10/11/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://1000projects.org/

  • https://github.com/Hacker0xone/CVE/issues/3

  • https://vuldb.com/?ctiid_283799=

  • https://vuldb.com/?id_283799=

  • https://vuldb.com/?submit_439322=

    • Enviar en el boletín
    Off