CVE-2024-53580

CVE-2024-53580

Título es
CVE-2024-53580

Mié, 18/12/2024 – 23:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-53580

Descripción en
iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.

19/12/2024
19/12/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3

  • https://github.com/esnet/iperf/releases/tag/3.18

    • Enviar en el boletín
    Off

    CVE-2024-56319

    CVE-2024-56319

    Título es
    CVE-2024-56319

    Mié, 18/12/2024 – 23:15

    Tipo
    CWE-770

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56319

    Descripción en
    In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion).

    19/12/2024
    19/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/project-chip/connectedhomeip/commit/e3277eb02ed8115de5887e8beca0e35007ba71f3

  • https://github.com/project-chip/connectedhomeip/issues/36760

  • https://github.com/project-chip/connectedhomeip/pull/36843

    • Enviar en el boletín
    Off

    CVE-2024-56318

    CVE-2024-56318

    Título es
    CVE-2024-56318

    Mié, 18/12/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56318

    Descripción en
    In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.

    19/12/2024
    19/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/project-chip/connectedhomeip/commit/27ca6ec255b78168e04bd71e0f1a473869cf144b

  • https://github.com/project-chip/connectedhomeip/issues/36750

  • https://github.com/project-chip/connectedhomeip/pull/36751

    • Enviar en el boletín
    Off

    CVE-2024-56317

    CVE-2024-56317

    Título es
    CVE-2024-56317

    Mié, 18/12/2024 – 23:15

    Tipo
    CWE-281

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56317

    Descripción en
    In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.

    19/12/2024
    19/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/project-chip/connectedhomeip/issues/36535

    • Enviar en el boletín
    Off

    CVE-2024-56052

    CVE-2024-56052

    Título es
    CVE-2024-56052

    Mié, 18/12/2024 – 19:15

    Tipo
    CWE-434

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56052

    Descripción en
    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

    18/12/2024
    18/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-student-arbitrary-file-upload-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-56051

    CVE-2024-56051

    Título es
    CVE-2024-56051

    Mié, 18/12/2024 – 19:15

    Tipo
    CWE-94

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56051

    Descripción en
    Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5.

    18/12/2024
    18/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-student-remote-code-execution-rce-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-56050

    CVE-2024-56050

    Título es
    CVE-2024-56050

    Mié, 18/12/2024 – 19:15

    Tipo
    CWE-434

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56050

    Descripción en
    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.

    18/12/2024
    18/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-3-subscriber-arbitrary-file-upload-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-56049

    CVE-2024-56049

    Título es
    CVE-2024-56049

    Mié, 18/12/2024 – 19:15

    Tipo
    CWE-35

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56049

    Descripción en
    Path Traversal: '…/…//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.

    18/12/2024
    18/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-subscriber-arbitrary-file-deletion-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-56048

    CVE-2024-56048

    Título es
    CVE-2024-56048

    Mié, 18/12/2024 – 19:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56048

    Descripción en
    Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9.

    18/12/2024
    18/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-56047

    CVE-2024-56047

    Título es
    CVE-2024-56047

    Mié, 18/12/2024 – 19:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56047

    Descripción en
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.

    18/12/2024
    18/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-3-subscriber-sql-injection-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off