CVE-2024-11931

CVE-2024-11931

Título es
CVE-2024-11931

Vie, 24/01/2025 – 03:15

Tipo
CWE-1220

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-11931

Descripción en
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint.

24/01/2025
24/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
6.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/480901

    • Enviar en el boletín
    Off

    CVE-2025-0314

    CVE-2025-0314

    Título es
    CVE-2025-0314

    Vie, 24/01/2025 – 03:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0314

    Descripción en
    An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.

    24/01/2025
    24/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/512118

  • https://hackerone.com/reports/2922313

    • Enviar en el boletín
    Off

    CVE-2021-30745

    CVE-2021-30745

    Título es
    CVE-2021-30745

    Vie, 24/01/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2021-30745

    Descripción en
    Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Rejected Reason: This candidate is unused by its CNA.

    24/01/2025
    24/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Enviar en el boletín
    Off

    CVE-2024-57328

    CVE-2024-57328

    Título es
    CVE-2024-57328

    Jue, 23/01/2025 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57328

    Descripción en
    A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access.

    23/01/2025
    23/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57328

    • Enviar en el boletín
    Off

    CVE-2024-57326

    CVE-2024-57326

    Título es
    CVE-2024-57326

    Jue, 23/01/2025 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57326

    Descripción en
    A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter.

    23/01/2025
    23/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57326

    • Enviar en el boletín
    Off

    CVE-2024-55195

    CVE-2024-55195

    Título es
    CVE-2024-55195

    Jue, 23/01/2025 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-55195

    Descripción en
    An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to requests to allocate too much space.

    23/01/2025
    23/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4553

    • Enviar en el boletín
    Off

    CVE-2025-0693

    CVE-2025-0693

    Título es
    CVE-2025-0693

    Jue, 23/01/2025 – 22:15

    Tipo
    CWE-204

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0693

    Descripción en
    Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.

    23/01/2025
    23/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://aws.amazon.com/security/security-bulletins/AWS-2025-002/

    • Enviar en el boletín
    Off

    CVE-2024-57556

    CVE-2024-57556

    Título es
    CVE-2024-57556

    Jue, 23/01/2025 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57556

    Descripción en
    Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component

    23/01/2025
    23/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/nbubna/store/issues/127

    • Enviar en el boletín
    Off

    CVE-2024-57386

    CVE-2024-57386

    Título es
    CVE-2024-57386

    Jue, 23/01/2025 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57386

    Descripción en
    Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.

    23/01/2025
    23/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/PawaritSanguanpang/CVEs/tree/main/Wallos/CVE-2024-57386

    • Enviar en el boletín
    Off

    CVE-2024-57329

    CVE-2024-57329

    Título es
    CVE-2024-57329

    Jue, 23/01/2025 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57329

    Descripción en
    HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.

    23/01/2025
    23/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57329

    • Enviar en el boletín
    Off