CVE-2024-6612

CVE-2024-6612

Título es
CVE-2024-6612

Mar, 09/07/2024 – 15:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-6612

Descripción en
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox

09/07/2024
09/07/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1880374

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off

    CVE-2024-6611

    CVE-2024-6611

    Título es
    CVE-2024-6611

    Mar, 09/07/2024 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6611

    Descripción en
    A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1844827

  • https://www.mozilla.org/security/advisories/mfsa2024-29/

    • Enviar en el boletín
    Off

    CVE-2024-39875

    CVE-2024-39875

    Título es
    CVE-2024-39875

    Mar, 09/07/2024 – 12:15

    Tipo
    CWE-732

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39875

    Descripción en
    A vulnerability has been identified in SINEMA Remote Connect Server (All versions

    09/07/2024
    09/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-381581.html

    • Enviar en el boletín
    Off

    CVE-2024-39874

    CVE-2024-39874

    Título es
    CVE-2024-39874

    Mar, 09/07/2024 – 12:15

    Tipo
    CWE-307

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39874

    Descripción en
    A vulnerability has been identified in SINEMA Remote Connect Server (All versions

    09/07/2024
    09/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-381581.html

    • Enviar en el boletín
    Off

    CVE-2024-39888

    CVE-2024-39888

    Título es
    CVE-2024-39888

    Mar, 09/07/2024 – 12:15

    Tipo
    CWE-547

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39888

    Descripción en
    A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0

    09/07/2024
    09/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-998949.html

    • Enviar en el boletín
    Off

    CVE-2024-39876

    CVE-2024-39876

    Título es
    CVE-2024-39876

    Mar, 09/07/2024 – 12:15

    Tipo
    CWE-770

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39876

    Descripción en
    A vulnerability has been identified in SINEMA Remote Connect Server (All versions

    09/07/2024
    09/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-381581.html

    • Enviar en el boletín
    Off

    CVE-2024-6391

    CVE-2024-6391

    Título es
    CVE-2024-6391

    Mar, 09/07/2024 – 12:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6391

    Descripción en
    The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bw_button shortcode in all versions up to, and including, 4.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    09/07/2024
    09/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://plugins.trac.wordpress.org/browser/oik/trunk/shortcodes/oik-button.php#L34

  • https://plugins.trac.wordpress.org/changeset/3112763/

  • oik



  • https://www.wordfence.com/threat-intel/vulnerabilities/id/d3dfa92a-57da-49ab-95f7-504fa99ed47f?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-22271

    CVE-2024-22271

    Título es
    CVE-2024-22271

    Mar, 09/07/2024 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-22271

    Descripción en
    In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.

    Specifically, an application is vulnerable when all of the following are true:

    User is using Spring Cloud Function Web module

    Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8

    References https://spring.io/security/cve-2022-22979   https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/  History 2020-01-16: Initial vulnerability report published.

    09/07/2024
    09/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://spring.io/security/cve-2024-22271

    • Enviar en el boletín
    Off

    CVE-2024-37952

    CVE-2024-37952

    Título es
    CVE-2024-37952

    Mar, 09/07/2024 – 13:15

    Tipo
    CWE-269

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37952

    Descripción en
    Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17.

    09/07/2024
    09/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/vulnerability/bookyourtravel/wordpress-bookyourtravel-theme-8-18-17-subscriber-privilege-escalation-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37934

    CVE-2024-37934

    Título es
    CVE-2024-37934

    Mar, 09/07/2024 – 13:15

    Tipo
    CWE-94

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37934

    Descripción en
    Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4.

    09/07/2024
    09/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-4-subscriber-arbitrary-shortcode-execution-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off