CVE-2020-9089 | INCIBE-CERT | INCIBE

Descripción

*** Pendiente de traducción *** There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089.

CVE-2020-9211 | INCIBE-CERT | INCIBE

Descripción

*** Pendiente de traducción *** There is an out-of-bound read and write vulnerability in Huawei smartphone. A module dose not verify the input sufficiently. Attackers can exploit this vulnerability by modifying some configuration to cause out-of-bound read and write, causing denial of service. (Vulnerability ID: HWPSIRT-2020-05103)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9211.

CVE-2020-9210 | INCIBE-CERT | INCIBE

Descripción

*** Pendiente de traducción *** There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210.

CVE-2020-9236 | INCIBE-CERT | INCIBE

Descripción

*** Pendiente de traducción *** There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236.

CVE-2020-9222 | INCIBE-CERT | INCIBE

Descripción

*** Pendiente de traducción *** There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222.

CVE-2020-9253 | INCIBE-CERT | INCIBE

Descripción

*** Pendiente de traducción *** There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253.

CVE-2024-3393

CVE-2024-3393

Título es
CVE-2024-3393

Vie, 27/12/2024 – 10:15

Tipo
CWE-754

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-3393

Descripción en
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

27/12/2024
27/12/2024
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber

Gravedad 4.0
8.70

Gravedad 4.0 txt
HIGH

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://security.paloaltonetworks.com/CVE-2024-3393

    • Enviar en el boletín
    Off

    CVE-2024-11605

    CVE-2024-11605

    Título es
    CVE-2024-11605

    Vie, 27/12/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11605

    Descripción en
    The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

    27/12/2024
    27/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/

    • Enviar en el boletín
    Off

    CVE-2024-56527

    CVE-2024-56527

    Título es
    CVE-2024-56527

    Vie, 27/12/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56527

    Descripción en
    An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.

    27/12/2024
    27/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1

  • https://github.com/tecnickcom/TCPDF/compare/6.7.8…6.8.0

  • https://tcpdf.org

    • Enviar en el boletín
    Off

    CVE-2024-12982

    CVE-2024-12982

    Título es
    CVE-2024-12982

    Vie, 27/12/2024 – 06:15

    Tipo
    CWE-79

    Gravedad v2.0
    3.30

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2024-12982

    Descripción en
    A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

    27/12/2024
    27/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_289358=

  • https://vuldb.com/?id_289358=

  • https://vuldb.com/?submit_469202=

    • Enviar en el boletín
    Off