CVE-2024-41692

CVE-2024-41692

Título es
CVE-2024-41692

Vie, 26/07/2024 – 13:15

Tipo
CWE-1191

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-41692

Descripción es
Esta vulnerabilidad existe en el enrutador SyroTech SY-GPON-1110-WDONT debido a la presencia de acceso a terminal root en una interfaz serial sin el control de acceso adecuado. Un atacante con acceso físico podría aprovechar esto accediendo al shell root en el sistema vulnerable. La explotación exitosa de esta vulnerabilidad podría permitir al atacante ejecutar comandos arbitrarios con privilegios de root en el sistema objetivo.

Descripción en
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system.

26/07/2024
26/07/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225

    • Enviar en el boletín
    Off

    CVE-2024-25090

    CVE-2024-25090

    Título es
    CVE-2024-25090

    Vie, 26/07/2024 – 09:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-25090

    Descripción es
    La validación de entrada y sanitización insuficientes de las funciones Profile name & screenname, Bookmark name & description and blogroll name en todas las versiones de Apache Roller en todas las plataformas permite que un usuario autenticado realice un ataque de XSS. Mitigación: si no tiene Roller configurado para usuarios no confiables, entonces no necesita hacer nada porque confía en que sus usuarios creen HTML sin formato y otro contenido web. Si está ejecutando con usuarios no confiables, entonces debe actualizar a Roller 6.1.3. Este problema afecta a Apache Roller: desde 5.0.0 hasta 6.1.3. Se recomienda a los usuarios que actualicen a la versión 6.1.3, que soluciona el problema.

    Descripción en
    Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3.

    This issue affects Apache Roller: from 5.0.0 before 6.1.3.

    Users are recommended to upgrade to version 6.1.3, which fixes the issue.

    26/07/2024
    26/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://lists.apache.org/thread/lb50jqyxwf8jrfpydl6dc5zpqtpgrrwd

    • Enviar en el boletín
    Off

    CVE-2023-38522

    CVE-2023-38522

    Título es
    CVE-2023-38522

    Vie, 26/07/2024 – 10:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-38522

    Descripción es
    Apache Traffic Server acepta caracteres que no están permitidos para los nombres de campos HTTP y reenvía las solicitudes malformadas a los servidores de origen. Esto se puede utilizar para el contrabando de solicitudes y también puede provocar un envenenamiento de la caché si los servidores de origen son vulnerables. Este problema afecta a Apache Traffic Server: desde la versión 8.0.0 hasta la 8.1.10, desde la 9.0.0 hasta la 9.2.4. Se recomienda a los usuarios que actualicen a la versión 8.1.11 o 9.2.5, que soluciona el problema.

    Descripción en
    Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.

    This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

    Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

    26/07/2024
    26/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

    • Enviar en el boletín
    Off

    CVE-2024-35296

    CVE-2024-35296

    Título es
    CVE-2024-35296

    Vie, 26/07/2024 – 10:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-35296

    Descripción es
    Un encabezado Invalid Accept-Encoding puede provocar que Apache Traffic Server no pueda realizar una búsqueda en caché y fuerce el reenvío de solicitudes. Este problema afecta a Apache Traffic Server: de la versión 8.0.0 a la 8.1.10 y de la versión 9.0.0 a la 9.2.4. Se recomienda a los usuarios que actualicen a la versión 8.1.11 o 9.2.5, que soluciona el problema.

    Descripción en
    Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.

    This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

    Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

    26/07/2024
    26/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

    • Enviar en el boletín
    Off

    CVE-2024-35161

    CVE-2024-35161

    Título es
    CVE-2024-35161

    Vie, 26/07/2024 – 10:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-35161

    Descripción es
    Apache Traffic Server reenvía la sección fragmentada HTTP mal formada a los servidores de origen. Esto se puede utilizar para el contrabando de solicitudes y también puede provocar un envenenamiento de la caché si los servidores de origen son vulnerables. Este problema afecta a Apache Traffic Server: desde la versión 8.0.0 hasta la 8.1.10, desde la versión 9.0.0 hasta la 9.2.4. Los usuarios pueden establecer una nueva configuración (proxy.config.http.drop_chunked_trailers) para no reenviar la sección fragmentada del tráiler. Se recomienda a los usuarios que actualicen a la versión 8.1.11 o 9.2.5, que soluciona el problema.

    Descripción en
    Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.

    This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

    Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.
    Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

    26/07/2024
    26/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

    • Enviar en el boletín
    Off

    CVE-2024-7118

    CVE-2024-7118

    Título es
    CVE-2024-7118

    Vie, 26/07/2024 – 04:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-7118

    Descripción en
    A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this vulnerability is an unknown functionality of the file /department_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier VDB-272449 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

    26/07/2024
    26/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/topsky979/Security-Collections/tree/main/cve9

  • https://vuldb.com/?ctiid_272449=

  • https://vuldb.com/?id_272449=

  • https://vuldb.com/?submit_376890=

    • Enviar en el boletín
    Off

    CVE-2024-7117

    CVE-2024-7117

    Título es
    CVE-2024-7117

    Vie, 26/07/2024 – 04:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-7117

    Descripción en
    A vulnerability classified as critical has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected is an unknown function of the file /shift_viewmore.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-272448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

    26/07/2024
    26/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/topsky979/Security-Collections/tree/main/cve8

  • https://vuldb.com/?ctiid_272448=

  • https://vuldb.com/?id_272448=

  • https://vuldb.com/?submit_376889=

    • Enviar en el boletín
    Off

    CVE-2024-7120

    CVE-2024-7120

    Título es
    CVE-2024-7120

    Vie, 26/07/2024 – 05:15

    Tipo
    CWE-78

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-7120

    Descripción en
    A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.

    26/07/2024
    26/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://netsecfish.notion.site/Command-Injection-Vulnerability-in-RAISECOM-Gateway-Devices-673bc7d2f8db499f9de7182d4706c707?pvs=4

  • https://vuldb.com/?ctiid_272451=

  • https://vuldb.com/?id_272451=

  • https://vuldb.com/?submit_380167=

    • Enviar en el boletín
    Off

    CVE-2024-7119

    CVE-2024-7119

    Título es
    CVE-2024-7119

    Vie, 26/07/2024 – 05:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-7119

    Descripción en
    A vulnerability, which was classified as critical, has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this issue is some unknown functionality of the file /employee_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272450 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

    26/07/2024
    26/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/topsky979/Security-Collections/tree/main/cve10

  • https://vuldb.com/?ctiid_272450=

  • https://vuldb.com/?id_272450=

  • https://vuldb.com/?submit_376891=

    • Enviar en el boletín
    Off

    CVE-2023-49921

    CVE-2023-49921

    Título es
    CVE-2023-49921

    Vie, 26/07/2024 – 05:15

    Tipo
    CWE-532

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-49921

    Descripción en
    An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.

    26/07/2024
    26/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179

    • Enviar en el boletín
    Off