enero 2025 - Página 64 de 167

21 Ene 2025

CVE-2024-49699

Título es

CVE-2024-49699

Mar, 21/01/2025 – 14:15

Tipo

CWE-502

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49699

Descripción en

Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

8.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-php-object-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2024-49688

Título es

CVE-2024-49688

Mar, 21/01/2025 – 14:15

Tipo

CWE-502

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49688

Descripción en

Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2024-49666

Título es

CVE-2024-49666

Mar, 21/01/2025 – 14:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49666

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2024-49655

Título es

CVE-2024-49655

Mar, 21/01/2025 – 14:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49655

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

9.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-unauthenticated-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2025-22262

Título es

CVE-2025-22262

Mar, 21/01/2025 – 14:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22262

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bonjour Bar allows Stored XSS. This issue affects Bonjour Bar: from n/a through 1.0.0.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

5.90

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/bonjour-bar/vulnerability/wordpress-bonjour-bar-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2024-56277

Título es

CVE-2024-56277

Mar, 21/01/2025 – 14:15

Tipo

CWE-116

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56277

Descripción en

Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-5-html-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2024-51919

Título es

CVE-2024-51919

Mar, 21/01/2025 – 14:15

Tipo

CWE-434

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-51919

Descripción en

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.00

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2024-51888

Título es

CVE-2024-51888

Mar, 21/01/2025 – 14:15

Tipo

CWE-266

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-51888

Descripción en

Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/homey-login-register/vulnerability/wordpress-homey-login-register-plugin-2-4-0-privilege-escalation-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2024-51818

Título es

CVE-2024-51818

Mar, 21/01/2025 – 14:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-51818

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

9.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2024-57933

Título es

CVE-2024-57933

Mar, 21/01/2025 – 12:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-57933

Descripción en

In the Linux kernel, the following vulnerability has been resolved:

gve: guard XSK operations on the existence of queues

This patch predicates the enabling and disabling of XSK pools on the
existence of queues. As it stands, if the interface is down, disabling
or enabling XSK pools would result in a crash, as the RX queue pointer
would be NULL. XSK pool registration will occur as part of the next
interface up.

Similarly, xsk_wakeup needs be guarded against queues disappearing
while the function is executing, so a check against the
GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the
disabling of the bit and the synchronize_net() in gve_turndown.

21/01/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://git.kernel.org/stable/c/40338d7987d810fcaa95c500b1068a52b08eec9b

https://git.kernel.org/stable/c/771d66f2bd8c4dba1286a9163ab982cecd825718

https://git.kernel.org/stable/c/8e8d7037c89437af12725f454e2eaf40e8166c0f

Enviar en el boletín

Off

Archivos mensuales: enero 2025