CVE-2024-9138 | INCIBE-CERT | INCIBE

Descripción

*** Pendiente de traducción *** Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.

CVE-2025-22275

CVE-2025-22275

Título es
CVE-2025-22275

Vie, 03/01/2025 – 05:15

Tipo
CWE-532

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-22275

Descripción en
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.

03/01/2025
03/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
9.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

  • https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak

  • https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog

  • https://news.ycombinator.com/item?id=42579472

    • Enviar en el boletín
    Off

    CVE-2024-53842

    CVE-2024-53842

    Título es
    CVE-2024-53842

    Vie, 03/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53842

    Descripción en
    In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

    03/01/2025
    03/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2024-12-01

    • Enviar en el boletín
    Off

    CVE-2024-53841

    CVE-2024-53841

    Título es
    CVE-2024-53841

    Vie, 03/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53841

    Descripción en
    In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    03/01/2025
    03/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2024-12-01

    • Enviar en el boletín
    Off

    CVE-2024-53840

    CVE-2024-53840

    Título es
    CVE-2024-53840

    Vie, 03/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53840

    Descripción en
    there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    03/01/2025
    03/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2024-12-01

    • Enviar en el boletín
    Off

    CVE-2024-53839

    CVE-2024-53839

    Título es
    CVE-2024-53839

    Vie, 03/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53839

    Descripción en
    In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

    03/01/2025
    03/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2024-12-01

    • Enviar en el boletín
    Off

    CVE-2024-53838

    CVE-2024-53838

    Título es
    CVE-2024-53838

    Vie, 03/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53838

    Descripción en
    In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    03/01/2025
    03/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2024-12-01

    • Enviar en el boletín
    Off

    CVE-2024-53836

    CVE-2024-53836

    Título es
    CVE-2024-53836

    Vie, 03/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53836

    Descripción en
    In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

    03/01/2025
    03/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2024-12-01

    • Enviar en el boletín
    Off

    CVE-2024-53837

    CVE-2024-53837

    Título es
    CVE-2024-53837

    Vie, 03/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53837

    Descripción en
    In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    03/01/2025
    03/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2024-12-01

    • Enviar en el boletín
    Off

    CVE-2024-53834

    CVE-2024-53834

    Título es
    CVE-2024-53834

    Vie, 03/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53834

    Descripción en
    In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

    03/01/2025
    03/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2024-12-01

    • Enviar en el boletín
    Off