CVE-2024-56965

CVE-2024-56965

Título es
CVE-2024-56965

Lun, 27/01/2025 – 19:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-56965

Descripción en
An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link.

27/01/2025
27/01/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://github.com/ZhouZiyi1/Vuls/blob/main/241230-Shihuo/241230-Shihuo.pdf

    • Enviar en el boletín
    Off

    CVE-2024-56972

    CVE-2024-56972

    Título es
    CVE-2024-56972

    Lun, 27/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56972

    Descripción en
    An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link.

    27/01/2025
    27/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/ZhouZiyi1/Vuls/blob/main/250109-MideaHome/250109-MideaHome.pdf

    • Enviar en el boletín
    Off

    CVE-2024-56971

    CVE-2024-56971

    Título es
    CVE-2024-56971

    Lun, 27/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56971

    Descripción en
    An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link.

    27/01/2025
    27/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/ZhouZiyi1/Vuls/blob/main/250108-ShuqiNovel/250108-ShuqiNovel.pdf

    • Enviar en el boletín
    Off

    CVE-2024-56969

    CVE-2024-56969

    Título es
    CVE-2024-56969

    Lun, 27/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56969

    Descripción en
    An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link.

    27/01/2025
    27/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/ZhouZiyi1/Vuls/blob/main/250107-BeautyPlus/250107-BeautyPlus.pdf

    • Enviar en el boletín
    Off

    CVE-2024-56968

    CVE-2024-56968

    Título es
    CVE-2024-56968

    Lun, 27/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56968

    Descripción en
    An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload.

    27/01/2025
    27/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/ZhouZiyi1/Vuls/blob/main/250106-GoveeHome/250106-GoveeHome.pdf

    • Enviar en el boletín
    Off

    CVE-2025-0734

    CVE-2025-0734

    Título es
    CVE-2025-0734

    Lun, 27/01/2025 – 19:15

    Tipo
    CWE-20

    Gravedad v2.0
    5.80

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0734

    Descripción en
    A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    27/01/2025
    27/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:P/I:P/A:P

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gist.github.com/GSBP0/3c1b0f9dbdd2a48b8f52330cfbbc279b

  • https://vuldb.com/?ctiid_293512=

  • https://vuldb.com/?id_293512=

  • https://vuldb.com/?submit_482823=

    • Enviar en el boletín
    Off

    CVE-2025-0751

    CVE-2025-0751

    Título es
    CVE-2025-0751

    Lun, 27/01/2025 – 20:15

    Tipo
    CWE-119

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2025-0751

    Descripción en
    A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This affects the function AP4_BitReader::ReadBits of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    27/01/2025
    27/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/axiomatic-systems/Bento4/issues/991

  • https://github.com/user-attachments/files/18434657/seeds.zip

  • https://vuldb.com/?ctiid_293517=

  • https://vuldb.com/?id_293517=

  • https://vuldb.com/?submit_483315=

    • Enviar en el boletín
    Off

    CVE-2024-48841

    CVE-2024-48841

    Título es
    CVE-2024-48841

    Lun, 27/01/2025 – 20:15

    Tipo
    CWE-98

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-48841

    Descripción en
    Network access can be used to execute arbitrary code with elevated privileges.

    This
    issue affects FLXEON 9.3.4 and older.

    27/01/2025
    27/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    Gravedad 4.0
    10.00

    Gravedad 4.0 txt
    CRITICAL

    Gravedad 3.1 (CVSS 3.1 Base Score)
    10.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch

    • Enviar en el boletín
    Off

    CVE-2025-0729

    CVE-2025-0729

    Título es
    CVE-2025-0729

    Lun, 27/01/2025 – 17:15

    Tipo
    CWE-451

    Gravedad v2.0
    5.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0729

    Descripción en
    A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

    27/01/2025
    27/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:N/I:P/A:N

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md

  • https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip

  • https://vuldb.com/?ctiid_293507=

  • https://vuldb.com/?id_293507=

  • https://vuldb.com/?submit_478451=

  • https://www.tp-link.com/

    • Enviar en el boletín
    Off

    CVE-2024-57276

    CVE-2024-57276

    Título es
    CVE-2024-57276

    Lun, 27/01/2025 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57276

    Descripción en
    In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path.

    27/01/2025
    27/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/yamerooo123/CVE/blob/main/CVE-2024-57276/Description.md

  • https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Dragon%20Age%20Origins/Description.md

    • Enviar en el boletín
    Off