CVE-2024-11849

CVE-2024-11849

Título es
CVE-2024-11849

Lun, 06/01/2025 – 06:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-11849

Descripción en
The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

06/01/2025
06/01/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://wpscan.com/vulnerability/85b25a5b-c30b-4a2a-96c1-f05b4eba8a9b/

    • Enviar en el boletín
    Off

    CVE-2024-11356

    CVE-2024-11356

    Título es
    CVE-2024-11356

    Lun, 06/01/2025 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11356

    Descripción en
    The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

    06/01/2025
    06/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/d70df54e-e99e-4539-9fd9-002c0642137e/

    • Enviar en el boletín
    Off

    CVE-2024-20146

    CVE-2024-20146

    Título es
    CVE-2024-20146

    Lun, 06/01/2025 – 04:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20146

    Descripción en
    In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.

    06/01/2025
    06/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/January-2025

    • Enviar en el boletín
    Off

    CVE-2024-20145

    CVE-2024-20145

    Título es
    CVE-2024-20145

    Lun, 06/01/2025 – 04:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20145

    Descripción en
    In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040.

    06/01/2025
    06/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/January-2025

    • Enviar en el boletín
    Off

    CVE-2024-20144

    CVE-2024-20144

    Título es
    CVE-2024-20144

    Lun, 06/01/2025 – 04:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20144

    Descripción en
    In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041.

    06/01/2025
    06/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/January-2025

    • Enviar en el boletín
    Off

    CVE-2024-20154

    CVE-2024-20154

    Título es
    CVE-2024-20154

    Lun, 06/01/2025 – 04:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20154

    Descripción en
    In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.

    06/01/2025
    06/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/January-2025

    • Enviar en el boletín
    Off

    CVE-2024-20153

    CVE-2024-20153

    Título es
    CVE-2024-20153

    Lun, 06/01/2025 – 04:15

    Tipo
    CWE-304

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20153

    Descripción en
    In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598.

    06/01/2025
    06/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/January-2025

    • Enviar en el boletín
    Off

    CVE-2024-20152

    CVE-2024-20152

    Título es
    CVE-2024-20152

    Lun, 06/01/2025 – 04:15

    Tipo
    CWE-617

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20152

    Descripción en
    In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.

    06/01/2025
    06/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/January-2025

    • Enviar en el boletín
    Off

    CVE-2024-20151

    CVE-2024-20151

    Título es
    CVE-2024-20151

    Lun, 06/01/2025 – 04:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20151

    Descripción en
    In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928.

    06/01/2025
    06/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/January-2025

    • Enviar en el boletín
    Off

    CVE-2024-20150

    CVE-2024-20150

    Título es
    CVE-2024-20150

    Lun, 06/01/2025 – 04:15

    Tipo
    CWE-502

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20150

    Descripción en
    In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018.

    06/01/2025
    06/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/January-2025

    • Enviar en el boletín
    Off