CVE-2024-7274

CVE-2024-7274

Título es
CVE-2024-7274

Mar, 30/07/2024 – 22:15

Tipo
CWE-89

Gravedad v2.0
5.80

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2024-7274

Descripción en
A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0. This issue affects some unknown processing of the file /reservation_status.php. The manipulation of the argument rcode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273143.

31/07/2024
31/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:M/C:P/I:P/A:P

Gravedad 3.1 (CVSS 3.1 Base Score)
4.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md

  • https://vuldb.com/?ctiid_273143=

  • https://vuldb.com/?id_273143=

  • https://vuldb.com/?submit_381091=

    • Enviar en el boletín
    Off

    CVE-2024-3930

    CVE-2024-3930

    Título es
    CVE-2024-3930

    Mar, 30/07/2024 – 19:15

    Tipo
    CWE-611

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-3930

    Descripción en
    In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.

    30/07/2024
    30/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://portal.perforce.com/s/detail/a91PA000001SUKLYA4

    • Enviar en el boletín
    Off

    CVE-2024-5250

    CVE-2024-5250

    Título es
    CVE-2024-5250

    Mar, 30/07/2024 – 19:15

    Tipo
    CWE-209

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5250

    Descripción en
    In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations

    30/07/2024
    30/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://portal.perforce.com/s/detail/a91PA000001SUIjYAO

    • Enviar en el boletín
    Off

    CVE-2024-5249

    CVE-2024-5249

    Título es
    CVE-2024-5249

    Mar, 30/07/2024 – 19:15

    Tipo
    CWE-294

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5249

    Descripción en
    In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.

    30/07/2024
    30/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://portal.perforce.com/s/detail/a91PA000001SUH7YAO

    • Enviar en el boletín
    Off

    CVE-2024-41443

    CVE-2024-41443

    Título es
    CVE-2024-41443

    Mar, 30/07/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41443

    Descripción en
    A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

    30/07/2024
    30/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/poc

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/poc/sample16.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.assets/image-20240530223831738.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.assets/image-20240530223921086.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.md

    • Enviar en el boletín
    Off

    CVE-2024-41440

    CVE-2024-41440

    Título es
    CVE-2024-41440

    Mar, 30/07/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41440

    Descripción en
    A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

    30/07/2024
    30/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc/sample18.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.assets/image-20240530225208577.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.md

    • Enviar en el boletín
    Off

    CVE-2024-41439

    CVE-2024-41439

    Título es
    CVE-2024-41439

    Mar, 30/07/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41439

    Descripción en
    A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

    30/07/2024
    30/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/poc

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/poc/sample13.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.assets/image-20240530192505615.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.assets/image-20240531002753478.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.md

    • Enviar en el boletín
    Off

    CVE-2024-41438

    CVE-2024-41438

    Título es
    CVE-2024-41438

    Mar, 30/07/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41438

    Descripción en
    A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

    30/07/2024
    30/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.assets/image-20240530184723547.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.assets/image-20240530184848743.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.assets/image-20240530185015780.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.md

  • https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/poc

  • https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/poc/sample10.png

    • Enviar en el boletín
    Off

    CVE-2024-41944

    CVE-2024-41944

    Título es
    CVE-2024-41944

    Mar, 30/07/2024 – 17:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41944

    Descripción en
    Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue.

    30/07/2024
    30/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/xibosignage/xibo-cms/commit/c60cfd8727da77b9db10297148eadd697ebec353.patch

  • https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-v6q4-h869-gm3r

  • https://xibosignage.com/blog/security-advisory-2024-07

    • Enviar en el boletín
    Off

    CVE-2024-41916

    CVE-2024-41916

    Título es
    CVE-2024-41916

    Mar, 30/07/2024 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41916

    Descripción en
    A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.

    30/07/2024
    30/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US

    • Enviar en el boletín
    Off