CVE-2023-39327

CVE-2023-39327

Título es
CVE-2023-39327

Sáb, 13/07/2024 – 03:15

Tipo
CWE-400

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2023-39327

Descripción en
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

13/07/2024
13/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://access.redhat.com/security/cve/CVE-2023-39327

  • https://bugzilla.redhat.com/show_bug.cgi?id=2295812

    • Enviar en el boletín
    Off

    CVE-2024-30213

    CVE-2024-30213

    Título es
    CVE-2024-30213

    Vie, 12/07/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-30213

    Descripción en
    StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution.

    13/07/2024
    13/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • StoneFly SCVM Vulnerability CVE-2024-30213: Improper Neutralization of Special Elements used in a Command


  • Services


    • Enviar en el boletín
    Off

    CVE-2024-31947

    CVE-2024-31947

    Título es
    CVE-2024-31947

    Vie, 12/07/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-31947

    Descripción en
    StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information.

    13/07/2024
    13/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • Home


  • StoneFly SCVM Vulnerability CVE-2024-31947: Directory Traversal by Authenticated Users


    • Enviar en el boletín
    Off

    CVE-2024-40521

    CVE-2024-40521

    Título es
    CVE-2024-40521

    Vie, 12/07/2024 – 16:15

    Tipo
    NVD-CWE-noinfo

    Gravedad 2.0 Txt
    Pendiente de análisis

    CPE
    cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*————

    Título en

    CVE-2024-40521

    Descripción en
    SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

    12/07/2024
    12/07/2024
    Fabricante
    seacms

    Producto
    seacms

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20admin_template.php%20%20code%20injection.md

    • Enviar en el boletín
    Off

    CVE-2024-40522

    CVE-2024-40522

    Título es
    CVE-2024-40522

    Vie, 12/07/2024 – 16:15

    Tipo
    NVD-CWE-noinfo

    Gravedad 2.0 Txt
    Pendiente de análisis

    CPE
    cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*————

    Título en

    CVE-2024-40522

    Descripción en
    There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.

    12/07/2024
    12/07/2024
    Fabricante
    seacms

    Producto
    seacms

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md

    • Enviar en el boletín
    Off

    CVE-2024-40539

    CVE-2024-40539

    Título es
    CVE-2024-40539

    Vie, 12/07/2024 – 16:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    CPE
    cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*———2024.07.03—

    Título en

    CVE-2024-40539

    Descripción en
    my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.

    12/07/2024
    12/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://gitee.com/witmy/my-springsecurity-plus/issues/IAAE8U

    • Enviar en el boletín
    Off

    CVE-2024-40540

    CVE-2024-40540

    Título es
    CVE-2024-40540

    Vie, 12/07/2024 – 16:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    CPE
    cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*———2024.07.03—

    Título en

    CVE-2024-40540

    Descripción en
    my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.

    12/07/2024
    12/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://gitee.com/witmy/my-springsecurity-plus/issues/IAAGZY

    • Enviar en el boletín
    Off

    CVE-2024-40541

    CVE-2024-40541

    Título es
    CVE-2024-40541

    Vie, 12/07/2024 – 16:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    CPE
    cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*———2024.07.03—

    Título en

    CVE-2024-40541

    Descripción en
    my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.

    12/07/2024
    12/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://gitee.com/witmy/my-springsecurity-plus/issues/IAAH8A

    • Enviar en el boletín
    Off

    CVE-2024-40542

    CVE-2024-40542

    Título es
    CVE-2024-40542

    Vie, 12/07/2024 – 16:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    CPE
    cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*———2024.07.03—

    Título en

    CVE-2024-40542

    Descripción en
    my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.

    12/07/2024
    12/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://gitee.com/witmy/my-springsecurity-plus/issues/IAAHCR

    • Enviar en el boletín
    Off

    CVE-2023-41093

    CVE-2023-41093

    Título es
    CVE-2023-41093

    Vie, 12/07/2024 – 20:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-41093

    Descripción en
    Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.

    12/07/2024
    12/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://community.silabs.com/068Vm000007v4HP

    • Enviar en el boletín
    Off