CVE-2024-27783

CVE-2024-27783

Título es
CVE-2024-27783

Mar, 09/07/2024 – 16:15

Tipo
CWE-352

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-27783

Descripción en
Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.

09/07/2024
09/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.60

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://fortiguard.fortinet.com/psirt/FG-IR-24-070

    • Enviar en el boletín
    Off

    CVE-2024-27782

    CVE-2024-27782

    Título es
    CVE-2024-27782

    Mar, 09/07/2024 – 16:15

    Tipo
    CWE-613

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-27782

    Descripción en
    Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.

    09/07/2024
    09/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://fortiguard.fortinet.com/psirt/FG-IR-24-069

    • Enviar en el boletín
    Off

    CVE-2024-6610

    CVE-2024-6610

    Título es
    CVE-2024-6610

    Mar, 09/07/2024 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6610

    Descripción en
    Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1883396

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off

    CVE-2024-6609

    CVE-2024-6609

    Título es
    CVE-2024-6609

    Mar, 09/07/2024 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6609

    Descripción en
    When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1839258

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off

    CVE-2024-6608

    CVE-2024-6608

    Título es
    CVE-2024-6608

    Mar, 09/07/2024 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6608

    Descripción en
    It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1743329

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off

    CVE-2024-6607

    CVE-2024-6607

    Título es
    CVE-2024-6607

    Mar, 09/07/2024 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6607

    Descripción en
    It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1694513

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off

    CVE-2024-6606

    CVE-2024-6606

    Título es
    CVE-2024-6606

    Mar, 09/07/2024 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6606

    Descripción en
    Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds read. This vulnerability affects Firefox

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1902305

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off

    CVE-2024-6615

    CVE-2024-6615

    Título es
    CVE-2024-6615

    Mar, 09/07/2024 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6615

    Descripción en
    Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1892875%2C1894428%2C1898364

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off

    CVE-2024-6614

    CVE-2024-6614

    Título es
    CVE-2024-6614

    Mar, 09/07/2024 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6614

    Descripción en
    The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1902983

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off

    CVE-2024-6613

    CVE-2024-6613

    Título es
    CVE-2024-6613

    Mar, 09/07/2024 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6613

    Descripción en
    The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1900523

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off