CVE-2024-51577

CVE-2024-51577

Título es
CVE-2024-51577

Dom, 10/11/2024 – 10:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-51577

Descripción en
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Camunda Services GmbH bpmn.Io allows Stored XSS.This issue affects bpmn.Io: from n/a through 1.0.

10/11/2024
10/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://patchstack.com/database/vulnerability/bpmnio/wordpress-bpmn-io-plugin-1-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-51578

    CVE-2024-51578

    Título es
    CVE-2024-51578

    Dom, 10/11/2024 – 10:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51578

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luca Paggetti 3D Presentation allows Stored XSS.This issue affects 3D Presentation: from n/a through 1.0.

    10/11/2024
    10/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/3d-presentation/wordpress-3d-presentation-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-11049

    CVE-2024-11049

    Título es
    CVE-2024-11049

    Dom, 10/11/2024 – 06:15

    Tipo
    CWE-425

    Gravedad v2.0
    2.60

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2024-11049

    Descripción en
    A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    10/11/2024
    10/11/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:H/Au:N/C:P/I:N/A:N

    Gravedad 4.0
    6.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://gist.githubusercontent.com/whiteman007/f7a85252fed91deff6eb3f20596710b0/raw/b7c8a7f53d3316cfd2da1cae9bcf583d923860b7/biotime%25209.0.1

  • https://vuldb.com/?ctiid_283662=

  • https://vuldb.com/?id_283662=

  • https://vuldb.com/?submit_435034=

    • Enviar en el boletín
    Off

    CVE-2024-11050

    CVE-2024-11050

    Título es
    CVE-2024-11050

    Dom, 10/11/2024 – 07:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-11050

    Descripción en
    A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    10/11/2024
    10/11/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://vuldb.com/?ctiid_283793=

  • https://vuldb.com/?id_283793=

  • https://vuldb.com/?submit_432690=

  • https://wiki.shikangsi.com/post/share/ba791f6d-7f63-494f-bd73-827ed7f26e2e

    • Enviar en el boletín
    Off

    CVE-2024-11046

    CVE-2024-11046

    Título es
    CVE-2024-11046

    Dom, 10/11/2024 – 03:15

    Tipo
    CWE-77

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-11046

    Descripción en
    A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    10/11/2024
    10/11/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_command_injection/DI8003_command_injection.md

  • https://vuldb.com/?ctiid_283632=

  • https://vuldb.com/?id_283632=

  • https://vuldb.com/?submit_434929=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-11047

    CVE-2024-11047

    Título es
    CVE-2024-11047

    Dom, 10/11/2024 – 04:15

    Tipo
    CWE-119

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-11047

    Descripción en
    A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    10/11/2024
    10/11/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 4.0
    8.70

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink_DI8003_stackoverflow.md

  • https://vuldb.com/?ctiid_283633=

  • https://vuldb.com/?id_283633=

  • https://vuldb.com/?submit_434931=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-11048

    CVE-2024-11048

    Título es
    CVE-2024-11048

    Dom, 10/11/2024 – 04:15

    Tipo
    CWE-119

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-11048

    Descripción en
    A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

    10/11/2024
    10/11/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 4.0
    8.70

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink-DI8003-stackoverflow-dbsrv.md

  • https://vuldb.com/?ctiid_283634=

  • https://vuldb.com/?id_283634=

  • https://vuldb.com/?submit_434936=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-42000

    CVE-2024-42000

    Título es
    CVE-2024-42000

    Sáb, 09/11/2024 – 18:15

    Tipo
    CWE-863

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42000

    Descripción en
    Mattermost versions 9.10.x

    09/11/2024
    09/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://mattermost.com/security-updates

    • Enviar en el boletín
    Off

    CVE-2024-36250

    CVE-2024-36250

    Título es
    CVE-2024-36250

    Sáb, 09/11/2024 – 18:15

    Tipo
    CWE-303

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-36250

    Descripción en
    Mattermost versions 9.11.x

    09/11/2024
    09/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://mattermost.com/security-updates

    • Enviar en el boletín
    Off

    CVE-2024-52032

    CVE-2024-52032

    Título es
    CVE-2024-52032

    Sáb, 09/11/2024 – 18:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52032

    Descripción en
    Mattermost versions 10.0.x

    09/11/2024
    09/11/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://mattermost.com/security-updates

    • Enviar en el boletín
    Off