CVE-2024-25076

CVE-2024-25076

Título es
CVE-2024-25076

Mié, 10/07/2024 – 20:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-25076

Descripción en
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.

10/07/2024
10/07/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2024-0001.md

    • Enviar en el boletín
    Off

    CVE-2024-37147

    CVE-2024-37147

    Título es
    CVE-2024-37147

    Mié, 10/07/2024 – 19:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37147

    Descripción en
    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.

    10/07/2024
    10/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh

    • Enviar en el boletín
    Off

    CVE-2024-32469

    CVE-2024-32469

    Título es
    CVE-2024-32469

    Mié, 10/07/2024 – 19:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-32469

    Descripción en
    Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1.

    10/07/2024
    10/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/decidim/decidim/releases/tag/v0.27.6

  • https://github.com/decidim/decidim/releases/tag/v0.28.1

  • https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q

    • Enviar en el boletín
    Off

    CVE-2024-5913

    CVE-2024-5913

    Título es
    CVE-2024-5913

    Mié, 10/07/2024 – 19:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5913

    Descripción en
    An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.

    10/07/2024
    10/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://security.paloaltonetworks.com/CVE-2024-5913

    • Enviar en el boletín
    Off

    CVE-2024-5912

    CVE-2024-5912

    Título es
    CVE-2024-5912

    Mié, 10/07/2024 – 19:15

    Tipo
    CWE-347

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5912

    Descripción en
    An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.

    10/07/2024
    10/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://security.paloaltonetworks.com/CVE-2024-5912

    • Enviar en el boletín
    Off

    CVE-2024-5911

    CVE-2024-5911

    Título es
    CVE-2024-5911

    Mié, 10/07/2024 – 19:15

    Tipo
    CWE-434

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5911

    Descripción en
    An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.

    10/07/2024
    10/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://security.paloaltonetworks.com/CVE-2024-5911

    • Enviar en el boletín
    Off

    CVE-2024-5910

    CVE-2024-5910

    Título es
    CVE-2024-5910

    Mié, 10/07/2024 – 19:15

    Tipo
    CWE-306

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5910

    Descripción en
    Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

    Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

    10/07/2024
    10/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://security.paloaltonetworks.com/CVE-2024-5910

    • Enviar en el boletín
    Off

    CVE-2024-5492

    CVE-2024-5492

    Título es
    CVE-2024-5492

    Mié, 10/07/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5492

    Descripción en
    Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway

    10/07/2024
    10/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492

    • Enviar en el boletín
    Off

    CVE-2024-5491

    CVE-2024-5491

    Título es
    CVE-2024-5491

    Mié, 10/07/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-5491

    Descripción en
    Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler

    10/07/2024
    10/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492

    • Enviar en el boletín
    Off