CVE-2024-52598 – 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview
https://notcve.org/view.php?id=CVE-2024-52598
The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2FA site. ... The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. ... Version 5.4.1 fixes the issues. 2FAuth is a web application for managing two-factor authentication (2FA) accounts and generating their security codes. Two interconnected vulnerabilities exist in version 5.4.1: an SSRF and a URI validation bypass issue. ...
• https://github.com/Bubka/2FAuth/security/advisories/GHSA-xwxc-w7v3-2p4j
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-52597 – 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render
https://notcve.org/view.php?id=CVE-2024-52597
One of the accepted types of image is SVG, which allows JS scripting. ... Version 5.4.1 contains a patch for the issue. 2FAuth is a web application for managing two-factor authentication (2FA) accounts and generating their security codes.
• https://github.com/Bubka/2FAuth/commit/93c508e118f483f3c93ac36e1f91face95af642d
• https://github.com/Bubka/2FAuth/security/advisories/GHSA-q5p4-6q4v-gqg3
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-48530
https://notcve.org/view.php?id=CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
• https://github.com/esoft-planner-cve/esoft_planner_cve
CVE-2024-48986
https://notcve.org/view.php?id=CVE-2024-48986
Its HCI parsing software dynamically determines the length of certain HCI packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking up the event type in a table). The subsequent write operation, however, copies the amount of data specified in the packet header, which may lead to a buffer overflow. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated.
• https://github.com/mbed-ce/mbed-os/blob/54e8693ef4ff7e025018094f290a1d5cf380941f/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/hci/dual_chip/hci_evt.c#L3018
• https://github.com/mbed-ce/mbed-os/pull/385
CVE-2024-48982
https://notcve.org/view.php?id=CVE-2024-48982
Its HCI parsing software dynamically determines the length of certain HCI packets by reading a byte from its header. ... This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated.
• https://github.com/mbed-ce/mbed-os/blob/54e8693ef4ff7e025018094f290a1d5cf380941f/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/hci/dual_chip/hci_evt.c#L2748
• https://github.com/mbed-ce/mbed-os/pull/386
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')