CVE-2024-8798

CVE-2024-8798

Título es
CVE-2024-8798

Lun, 16/12/2024 – 00:15

Tipo
CWE-20

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-8798

Descripción en
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.

16/12/2024
16/12/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
7.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r7pm-f93f-f7fp

    • Enviar en el boletín
    Off

    CVE-2024-7701

    CVE-2024-7701

    Título es
    CVE-2024-7701

    Dom, 15/12/2024 – 11:15

    Tipo
    CWE-916

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7701

    Descripción en
    Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0.

    15/12/2024
    15/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/percona/percona-toolkit/blob/aa1ac0e6889168fddf73c3a72d447e9ea0c0c63b/src/go/pt-secure-collect/encrypt.go#L17

    • Enviar en el boletín
    Off

    CVE-2024-11858

    CVE-2024-11858

    Título es
    CVE-2024-11858

    Dom, 15/12/2024 – 14:15

    Tipo
    CWE-78

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11858

    Descripción en
    A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing​

    15/12/2024
    15/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://bugzilla.redhat.com/show_bug.cgi?id=2329102

    • Enviar en el boletín
    Off

    CVE-2024-55970

    CVE-2024-55970

    Título es
    CVE-2024-55970

    Dom, 15/12/2024 – 03:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-55970

    Descripción en
    File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734.

    15/12/2024
    15/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://ej2.syncfusion.com/aspnetmvc/documentation/release-notes/27.1.55?type=all

    • Enviar en el boletín
    Off

    CVE-2024-56073

    CVE-2024-56073

    Título es
    CVE-2024-56073

    Dom, 15/12/2024 – 03:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56073

    Descripción en
    An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash).

    15/12/2024
    15/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://cwe.mitre.org/data/definitions/369.html

  • https://github.com/pavel-odintsov/fastnetmon/commit/a36718525e08ad0f2a809363001bf105efc5fe1c

    • Enviar en el boletín
    Off

    CVE-2024-56072

    CVE-2024-56072

    Título es
    CVE-2024-56072

    Dom, 15/12/2024 – 03:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56072

    Descripción en
    An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples.

    15/12/2024
    15/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/pavel-odintsov/fastnetmon/commit/5164a29603fff9dd445b7660a35090989f005000

  • https://github.com/pavel-odintsov/fastnetmon/commit/65c40ee92dd5bcad1ab52cbafa1afd62cf669e48

    • Enviar en el boletín
    Off

    CVE-2024-55969

    CVE-2024-55969

    Título es
    CVE-2024-55969

    Dom, 15/12/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-55969

    Descripción en
    DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714.

    15/12/2024
    15/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://ej2.syncfusion.com/aspnetmvc/documentation/release-notes/27.1.55?type=all

    • Enviar en el boletín
    Off

    CVE-2024-56074

    CVE-2024-56074

    Título es
    CVE-2024-56074

    Dom, 15/12/2024 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56074

    Descripción en
    gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.

    15/12/2024
    15/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L22-L30

  • https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L99-L100

  • https://github.com/cyclotruc/gitingest/commit/9996a06a94450497c1abb35997f5e6cbc9b571ff

  • https://github.com/cyclotruc/gitingest/pull/23

  • https://gitingest.com/

    • Enviar en el boletín
    Off

    CVE-2024-56082

    CVE-2024-56082

    Título es
    CVE-2024-56082

    Dom, 15/12/2024 – 05:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56082

    Descripción en
    ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true.

    15/12/2024
    15/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/andrewnguonly/Lumos/issues/193

  • https://github.com/andrewnguonly/Lumos/releases/tag/1.0.17

  • https://github.com/quantizor/markdown-to-jsx/blob/4fa87d89ad87f97b2d9e56cb969d12f9a838f3ac/README.md?plain=1#L535-L537

    • Enviar en el boletín
    Off

    CVE-2024-31891

    CVE-2024-31891

    Título es
    CVE-2024-31891

    Sáb, 14/12/2024 – 13:15

    Tipo
    CWE-250

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-31891

    Descripción en
    IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1

    contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.

    14/12/2024
    14/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.ibm.com/support/pages/node/7178098

    • Enviar en el boletín
    Off