CVE-2024-37769

CVE-2024-37769

Título es
CVE-2024-37769

Vie, 05/07/2024 – 16:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-37769

Descripción en
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.

05/07/2024
05/07/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://github.com/b1ackc4t/14Finger/issues/12

    • Enviar en el boletín
    Off

    CVE-2024-37768

    CVE-2024-37768

    Título es
    CVE-2024-37768

    Vie, 05/07/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37768

    Descripción en
    14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id.

    05/07/2024
    05/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/b1ackc4t/14Finger/issues/12

    • Enviar en el boletín
    Off

    CVE-2024-6505

    CVE-2024-6505

    Título es
    CVE-2024-6505

    Vie, 05/07/2024 – 14:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6505

    Descripción en
    A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.

    05/07/2024
    05/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://access.redhat.com/security/cve/CVE-2024-6505

  • https://bugzilla.redhat.com/show_bug.cgi?id=2295760

    • Enviar en el boletín
    Off

    CVE-2024-6524

    CVE-2024-6524

    Título es
    CVE-2024-6524

    Vie, 05/07/2024 – 12:15

    Tipo
    CWE-918

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-6524

    Descripción en
    A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270367. NOTE: The original disclosure confuses CSRF with SSRF.

    05/07/2024
    05/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md

  • https://vuldb.com/?ctiid_270367=

  • https://vuldb.com/?id_270367=

  • https://vuldb.com/?submit_365173=

    • Enviar en el boletín
    Off

    CVE-2024-6523

    CVE-2024-6523

    Título es
    CVE-2024-6523

    Vie, 05/07/2024 – 11:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-6523

    Descripción es
    Se encontró una vulnerabilidad en ZKTeco BioTime hasta 9.5.2. Ha sido clasificada como problemática. Una función desconocida del componente system-group-add Handler es afectada por esta vulnerabilidad. La manipulación del argumento usuario con la entrada conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-270366 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

    Descripción en
    A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input alert('XSS') leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270366 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

    05/07/2024
    05/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://gist.github.com/whiteman007/c8bf92b0294cd2f0cda6bfaca36f8f28

  • https://vuldb.com/?ctiid_270366=

  • https://vuldb.com/?id_270366=

  • https://vuldb.com/?submit_364104=

    • Enviar en el boletín
    Off

    CVE-2024-6298

    CVE-2024-6298

    Título es
    CVE-2024-6298

    Vie, 05/07/2024 – 11:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6298

    Descripción es
    Vulnerabilidad de validación de entrada incorrecta en ABB ASPECT-Enterprise en Linux, ABB NEXUS Series en Linux, ABB MATRIX Series en Linux permite la inclusión remota de código. Este problema afecta a ASPECT-Enterprise: hasta 3.08.01; Serie NEXUS: hasta el 3.08.01; Serie MATRIX: hasta el 3.08.01.

    Descripción en
    Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01.

    05/07/2024
    05/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964

    • Enviar en el boletín
    Off

    CVE-2024-6209

    CVE-2024-6209

    Título es
    CVE-2024-6209

    Vie, 05/07/2024 – 11:15

    Tipo
    CWE-552

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6209

    Descripción es
    Acceso no autorizado a archivos en WEB Server en ABB ASPECT – Enterprise v <=3.08.01; Serie NEXUS v <=3.08.01; MATRIX Series v<=3.08.01 permite a un atacante acceder a archivos no autorizados

    Descripción en
    Unauthorized file access in WEB Server in ABB ASPECT – Enterprise v

    05/07/2024
    05/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964

    • Enviar en el boletín
    Off

    CVE-2024-39484

    CVE-2024-39484

    Título es
    CVE-2024-39484

    Vie, 05/07/2024 – 07:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39484

    Descripción en
    In the Linux kernel, the following vulnerability has been resolved:

    mmc: davinci: Don't strip remove function when driver is builtin

    Using __exit for the remove function results in the remove callback being
    discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.
    using sysfs or hotplug), the driver is just removed without the cleanup
    being performed. This results in resource leaks. Fix it by compiling in the
    remove callback unconditionally.

    This also fixes a W=1 modpost warning:

    WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in
    reference: davinci_mmcsd_driver+0x10 (section: .data) ->
    davinci_mmcsd_remove (section: .exit.text)

    05/07/2024
    05/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://git.kernel.org/stable/c/1d5ed0efe51d36b9ae9b64f133bf41cdbf56f584

  • https://git.kernel.org/stable/c/55c421b364482b61c4c45313a535e61ed5ae4ea3

  • https://git.kernel.org/stable/c/5ee241f72edc6dce5051a5f100eab6cc019d873e

  • https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4

  • https://git.kernel.org/stable/c/7590da4c04dd4aa9c262da0231e978263861c6eb

  • https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1

    • Enviar en el boletín
    Off

    CVE-2024-39482

    CVE-2024-39482

    Título es
    CVE-2024-39482

    Vie, 05/07/2024 – 07:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39482

    Descripción en
    In the Linux kernel, the following vulnerability has been resolved:

    bcache: fix variable length array abuse in btree_iter

    btree_iter is used in two ways: either allocated on the stack with a
    fixed size MAX_BSETS, or from a mempool with a dynamic size based on the
    specific cache set. Previously, the struct had a fixed-length array of
    size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized
    iterators, which causes UBSAN to complain.

    This patch uses the same approach as in bcachefs's sort_iter and splits
    the iterator into a btree_iter with a flexible array member and a
    btree_iter_stack which embeds a btree_iter as well as a fixed-length
    data array.

    05/07/2024
    05/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671

  • https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b

  • https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31

  • https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023

  • https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148

  • https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02

    • Enviar en el boletín
    Off