CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2024-6782 – Calibre Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6782
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. El control de acceso inadecuado en Calibre 6.9.0 ~ 7.14.0 permite a atacantes no autenticados lograr la ejecución remota de código. • https://github.com/Uno13x/CVE-2024-6782-PoC https://github.com/zangjiahe/CVE-2024-6782 https://github.com/jdpsl/CVE-2024-6782 https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9 https://starlabs.sg/advisories/24/24-6782 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6781 – Calibre Arbitrary File Read
https://notcve.org/view.php?id=CVE-2024-6781
Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. El path traversal en Calibre <= 7.14.0 permite a atacantes no autenticados lograr lecturas de archivos arbitrarias. • https://github.com/kovidgoyal/calibre/commit/bcd0ab12c41a887f8290a9b56e46c3a29038d9c4 https://starlabs.sg/advisories/24/24-6781 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •