Aggregator

A vulnerability was found in Calibre up to 7.14.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2024-6782. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Calibre 7.15.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-7008. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Calibre 7.14.0 and classified as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-6781. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Gitea Open Source Git Server 1.22.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-6886. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Hitachi Tuning Manager 05_10/8.8.5-00/8.8.5-04 on Windows/Linux/Solaris. This affects an unknown part of the component Expression Language Handler. The manipulation leads to improper neutralization of special elements used in an expression language statement. This vulnerability is uniquely identified as CVE-2024-5828. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in oFono 2.3. Affected by this issue is some unknown functionality of the component SMS Decoder. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-7547. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability classified as critical was found in oFono 2.3. Affected by this vulnerability is an unknown functionality of the component SimToolKit. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-7546. Attacking locally is a requirement. There is no exploit available.

A vulnerability classified as critical has been found in oFono 2.3. Affected is an unknown function of the component SimToolKit. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-7545. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in oFono 2.3. It has been rated as critical. This issue affects some unknown processing of the component SimToolKit. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2024-7544. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in oFono 2.3. It has been declared as critical. This vulnerability affects unknown code of the component SimToolKit. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2024-7543. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in XjSv Cooked Plugin up to 1.8.0 on WordPress. It has been classified as problematic. This affects an unknown part of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-41816. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nuxt up to 1.3.8 and classified as critical. Affected by this issue is some unknown functionality of the component WebSocket Handler. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-23657. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in nuxt icon up to 1.4.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/_nuxt_icon/[name]. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-42352. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in oFono 1.34. Affected is an unknown function of the component AT CMGR Command Handler. The manipulation leads to use of uninitialized variable. This vulnerability is traded as CVE-2024-7542. An attack has to be approached locally. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in oFono 1.34. This issue affects some unknown processing of the component AT CMT Command Handler. The manipulation leads to use of uninitialized variable. The identification of this vulnerability is CVE-2024-7541. The attack needs to be approached locally. There is no exploit available.

A vulnerability classified as problematic was found in oFono 1.34. This vulnerability affects unknown code of the component AT CMGL Command Handler. The manipulation leads to use of uninitialized variable. This vulnerability was named CVE-2024-7540. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability classified as critical has been found in oFono 1.34. This affects an unknown part of the component CUSD Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-7539. Attacking locally is a requirement. There is no exploit available.

有报道称针对上周末被披露的Apache OFBiz 安全漏洞（CVE-2024-38856）的攻击企图日益增多，使用 Apache OFBiz 的组织被敦促修补一个严重漏洞。 Apache OFBiz 开发人员称，18.12.14 之前的版本都受到影响，18.12.15 包含一个修复程序。 开发人员在一份咨询报告中表示： “如果满足某些先决条件（例如，当屏幕定义没有明确检查用户的权限，因为它们依赖于其端点的配置时），未经身份验证的端点可能会允许执行屏幕的屏幕渲染代码。” 发现该漏洞的 SonicWall 威胁研究人员将其描述为一个严重问题，可能允许未经身份验证的远程代码执行。 SonicWall 解释称：“漏洞的根本原因在于身份验证机制存在缺陷。该缺陷允许未经身份验证的用户访问通常需要用户登录才能使用的功能，从而为远程代码执行铺平了道路。” SonicWall 尚未发现利用 CVE-2024-38856 的攻击。 然而，最近发现的另一个 Apache OFBiz 漏洞似乎已被恶意攻击者利用。该漏洞于 5 月被发现，编号为 CVE-2024-32113，是一个路径遍历错误，可能导致远程命令执行。 SANS 技术研究所的互联网风暴中心报告称，7 月底发现攻击尝试有所增加。 有证据表明攻击者正在试验该漏洞并可能将其添加到 Mirai 僵尸网络变种的攻击中。 Apache OFBiz 是一个用于创建企业资源规划 (ERP) 应用程序的免费框架。OFBiz被多家大型公司使用。大多数用户在美国，其次是印度和欧洲。 SANS 的 Johannes Ullrich 指出：“OFBiz 似乎远不如商业替代方案那么流行。然而，就像任何其他 ERP 系统一样，组织依靠它来存储敏感的业务数据，而这些 ERP 系统的安全性至关重要。”   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/_RfZplteHa9jDl1FXXRqtA 封面来源于网络，如有侵权请联系删除

A vulnerability was found in oFono 1.34. It has been rated as critical. Affected by this issue is some unknown functionality of the component CUSD AT Command Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-7538. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in oFono 1.34. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component QMI SMS Handler. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-7537. An attack has to be approached locally. There is no exploit available.