2024 - Página 65 de 834

18 Dic 2024

CVE-2024-56174

Título es

CVE-2024-56174

Mié, 18/12/2024 – 06:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56174

Descripción en

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.

18/12/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://support.optimizely.com/hc/en-us/articles/32344323720973-Configured-Commerce-Security-Advisory-COM-2024-01

Enviar en el boletín

Off

18 Dic 2024

CVE-2024-56173

Título es

CVE-2024-56173

Mié, 18/12/2024 – 06:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56173

Descripción en

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.

18/12/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://support.optimizely.com/hc/en-us/articles/32344323720973-Configured-Commerce-Security-Advisory-COM-2024-01

Enviar en el boletín

Off

18 Dic 2024

CVE-2024-56175

Título es

CVE-2024-56175

Mié, 18/12/2024 – 06:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56175

Descripción en

18/12/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://support.optimizely.com/hc/en-us/articles/32344323720973-Configured-Commerce-Security-Advisory-COM-2024-01

Enviar en el boletín

Off

18 Dic 2024

CVE-2024-11295

Título es

CVE-2024-11295

Mié, 18/12/2024 – 07:15

Tipo

CWE-200

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-11295

Descripción en

The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.

18/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://plugins.trac.wordpress.org/changeset/3205648/simple-page-access-restriction

https://www.wordfence.com/threat-intel/vulnerabilities/id/ed92806e-5d75-4a23-a588-821e9ada1b32?source=cve

Enviar en el boletín

Off

18 Dic 2024

CVE-2024-47397

Título es

CVE-2024-47397

Mié, 18/12/2024 – 07:15

Tipo

CWE-1390

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47397

Descripción en

Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string.

18/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

7.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://jvn.jp/en/vu/JVNVU91084137/

AE1021/AE1021PEのファームウェア 2.0.11 公開のお知らせ

Enviar en el boletín

Off

18 Dic 2024

CVE-2024-39703

Título es

CVE-2024-39703

Mié, 18/12/2024 – 07:15

Tipo

CWE-77

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-39703

Descripción en

In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint.

18/12/2024

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 4.0

8.70

Gravedad 4.0 txt

HIGH

Gravedad 3.1 (CVSS 3.1 Base Score)

8.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://threatq.freshdesk.com/helpdesk/tickets/10367

https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-01

Vulnerability Management & Prioritization TEST

Enviar en el boletín

Off

18 Dic 2024

CVE-2024-1610

Título es

CVE-2024-1610

Mié, 18/12/2024 – 07:15

Tipo

CWE-287

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-1610

Descripción en

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.

18/12/2024

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Gravedad 4.0

8.70

Gravedad 4.0 txt

HIGH

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1869215920048840704

Enviar en el boletín

Off

18 Dic 2024

CVE-2024-12287

Título es

CVE-2024-12287

Mié, 18/12/2024 – 07:15

Tipo

CWE-287

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-12287

Descripción en

The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, such as administrators, granted they have access to an email.

18/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://themeforest.net/item/biagiotti-beauty-and-cosmetics-shop/24645919

https://www.wordfence.com/threat-intel/vulnerabilities/id/12f319df-41eb-484a-8fca-af6ae76f4179?source=cve

Enviar en el boletín

Off

18 Dic 2024

CVE-2024-54457

Título es

CVE-2024-54457

Mié, 18/12/2024 – 07:15

Tipo

CWE-1242

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-54457

Descripción en

Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service.

18/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.20

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://jvn.jp/en/vu/JVNVU91084137/

AE1021/AE1021PEのファームウェア 2.0.11 公開のお知らせ

Enviar en el boletín

Off

18 Dic 2024

CVE-2024-53688

Título es

CVE-2024-53688

Mié, 18/12/2024 – 07:15

Tipo

CWE-78

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-53688

Descripción en

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request.

18/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.20

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://jvn.jp/en/vu/JVNVU91084137/

AE1021/AE1021PEのファームウェア 2.0.11 公開のお知らせ

Enviar en el boletín

Off

Archivos anuales: 2024