CVE-2024-37084

CVE-2024-37084

Título es
CVE-2024-37084

Jue, 25/07/2024 – 10:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-37084

Descripción en
In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server

25/07/2024
25/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

  • https://spring.io/security/cve-2024-37084

    • Enviar en el boletín
    Off

    CVE-2024-4811

    CVE-2024-4811

    Título es
    CVE-2024-4811

    Jue, 25/07/2024 – 05:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-4811

    Descripción en
    In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.

    25/07/2024
    25/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://advisories.octopus.com/post/2024/sa2024-05/

    • Enviar en el boletín
    Off

    CVE-2024-6972

    CVE-2024-6972

    Título es
    CVE-2024-6972

    Jue, 25/07/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6972

    Descripción en
    In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text.

    25/07/2024
    25/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://advisories.octopus.com/post/2024/sa2024-06/

    • Enviar en el boletín
    Off

    CVE-2024-7081

    CVE-2024-7081

    Título es
    CVE-2024-7081

    Mié, 24/07/2024 – 21:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-7081

    Descripción en
    A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272366 is the identifier assigned to this vulnerability.

    24/07/2024
    24/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/zgg012/cve/issues/1

  • https://vuldb.com/?ctiid_272366=

  • https://vuldb.com/?id_272366=

  • https://vuldb.com/?submit_379675=

    • Enviar en el boletín
    Off

    CVE-2024-41466

    CVE-2024-41466

    Título es
    CVE-2024-41466

    Mié, 24/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41466

    Descripción en
    Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.

    24/07/2024
    24/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/NatStaticSetting/README.md

    • Enviar en el boletín
    Off

    CVE-2024-41465

    CVE-2024-41465

    Título es
    CVE-2024-41465

    Mié, 24/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41465

    Descripción en
    Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm.

    24/07/2024
    24/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/iotresearch/iot-vuln/tree/main/Tenda/FH1201/setcfm

    • Enviar en el boletín
    Off

    CVE-2024-41464

    CVE-2024-41464

    Título es
    CVE-2024-41464

    Mié, 24/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41464

    Descripción en
    Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic

    24/07/2024
    24/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/iotresearch/iot-vuln/tree/main/Tenda/FH1201/RouteStatic2

    • Enviar en el boletín
    Off

    CVE-2024-7060

    CVE-2024-7060

    Título es
    CVE-2024-7060

    Mié, 24/07/2024 – 23:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7060

    Descripción en
    An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.

    25/07/2024
    25/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/437894

    • Enviar en el boletín
    Off

    CVE-2024-5067

    CVE-2024-5067

    Título es
    CVE-2024-5067

    Mié, 24/07/2024 – 23:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5067

    Descripción en
    An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.

    25/07/2024
    25/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/458504

  • https://gitlab.com/gitlab-org/gitlab/-/issues/462427

  • https://hackerone.com/reports/2462303

  • https://hackerone.com/reports/2502047

    • Enviar en el boletín
    Off

    CVE-2024-0231

    CVE-2024-0231

    Título es
    CVE-2024-0231

    Mié, 24/07/2024 – 23:15

    Tipo
    CWE-99

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-0231

    Descripción en
    A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.

    25/07/2024
    25/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/437103

  • https://hackerone.com/reports/2299337

    • Enviar en el boletín
    Off