CVE-2024-41376

CVE-2024-41376

Título es
CVE-2024-41376

Lun, 05/08/2024 – 17:15

Tipo
CWE-31

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-41376

Descripción en
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.

05/08/2024
05/08/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
8.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://github.com/zyx0814/dzzoffice/issues/252

    • Enviar en el boletín
    Off

    CVE-2024-41380

    CVE-2024-41380

    Título es
    CVE-2024-41380

    Lun, 05/08/2024 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41380

    Descripción en
    microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.

    05/08/2024
    05/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/microweber/microweber/issues/1111

    • Enviar en el boletín
    Off

    CVE-2024-41200

    CVE-2024-41200

    Título es
    CVE-2024-41200

    Lun, 05/08/2024 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41200

    Descripción en
    A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.

    05/08/2024
    05/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gist.github.com/SecZone-SFuzz/3cf2d8b50ffe4b4951c193d8c0cd65a9

    • Enviar en el boletín
    Off

    CVE-2024-40498

    CVE-2024-40498

    Título es
    CVE-2024-40498

    Lun, 05/08/2024 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40498

    Descripción en
    SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php

    05/08/2024
    05/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Dirac231/CVE-2024-40498

    • Enviar en el boletín
    Off

    CVE-2024-41381

    CVE-2024-41381

    Título es
    CVE-2024-41381

    Lun, 05/08/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41381

    Descripción en
    microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.

    05/08/2024
    05/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/microweber/microweber/issues/1110

    • Enviar en el boletín
    Off

    CVE-2024-6361

    CVE-2024-6361

    Título es
    CVE-2024-6361

    Lun, 05/08/2024 – 19:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6361

    Descripción en
    Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.

    05/08/2024
    05/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://portal.microfocus.com/s/article/KM000032605?language=en_US

    • Enviar en el boletín
    Off

    CVE-2024-42010

    CVE-2024-42010

    Título es
    CVE-2024-42010

    Lun, 05/08/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42010

    Descripción en
    mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

    05/08/2024
    05/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/roundcube/roundcubemail/releases

  • https://github.com/roundcube/roundcubemail/releases/tag/1.5.8

  • https://github.com/roundcube/roundcubemail/releases/tag/1.6.8

  • https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8

  • https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/

    • Enviar en el boletín
    Off

    CVE-2024-42009

    CVE-2024-42009

    Título es
    CVE-2024-42009

    Lun, 05/08/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42009

    Descripción en
    A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

    05/08/2024
    05/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/roundcube/roundcubemail/releases

  • https://github.com/roundcube/roundcubemail/releases/tag/1.5.8

  • https://github.com/roundcube/roundcubemail/releases/tag/1.6.8

  • https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8

  • https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/

    • Enviar en el boletín
    Off

    CVE-2024-42008

    CVE-2024-42008

    Título es
    CVE-2024-42008

    Lun, 05/08/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42008

    Descripción en
    A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.

    05/08/2024
    05/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/roundcube/roundcubemail/releases

  • https://github.com/roundcube/roundcubemail/releases/tag/1.5.8

  • https://github.com/roundcube/roundcubemail/releases/tag/1.6.8

  • https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8

  • https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/

    • Enviar en el boletín
    Off

    CVE-2024-33026

    CVE-2024-33026

    Título es
    CVE-2024-33026

    Lun, 05/08/2024 – 15:15

    Tipo
    CWE-126

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-33026

    Descripción en
    Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

    05/08/2024
    05/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

    • Enviar en el boletín
    Off