CVE-2024-44260

CVE-2024-44260

Título es
CVE-2024-44260

Lun, 28/10/2024 – 22:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-44260

Descripción en
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app with root privileges may be able to modify the contents of system files.

28/10/2024
28/10/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://support.apple.com/en-us/121568

  • https://support.apple.com/en-us/121570

    • Enviar en el boletín
    Off

    CVE-2024-44257

    CVE-2024-44257

    Título es
    CVE-2024-44257

    Lun, 28/10/2024 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44257

    Descripción en
    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access sensitive user data.

    28/10/2024
    28/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://support.apple.com/en-us/121568

  • https://support.apple.com/en-us/121570

    • Enviar en el boletín
    Off

    CVE-2024-44256

    CVE-2024-44256

    Título es
    CVE-2024-44256

    Lun, 28/10/2024 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44256

    Descripción en
    The issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to break out of its sandbox.

    28/10/2024
    28/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://support.apple.com/en-us/121568

  • https://support.apple.com/en-us/121570

    • Enviar en el boletín
    Off

    CVE-2024-44240

    CVE-2024-44240

    Título es
    CVE-2024-44240

    Lun, 28/10/2024 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44240

    Descripción en
    The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.

    28/10/2024
    28/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://support.apple.com/en-us/121563

  • https://support.apple.com/en-us/121565

  • https://support.apple.com/en-us/121566

  • https://support.apple.com/en-us/121567

  • https://support.apple.com/en-us/121568

  • https://support.apple.com/en-us/121569

  • https://support.apple.com/en-us/121570

    • Enviar en el boletín
    Off

    CVE-2024-51509

    CVE-2024-51509

    Título es
    CVE-2024-51509

    Lun, 28/10/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51509

    Descripción en
    Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.

    29/10/2024
    29/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/r0ck3t1973/xss_payload/issues/10

  • https://security.tiki.org/Disclose-a-Vulnerability

    • Enviar en el boletín
    Off

    CVE-2024-51508

    CVE-2024-51508

    Título es
    CVE-2024-51508

    Lun, 28/10/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51508

    Descripción en
    Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.

    29/10/2024
    29/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/r0ck3t1973/xss_payload/issues/9

  • https://security.tiki.org/Disclose-a-Vulnerability

    • Enviar en el boletín
    Off

    CVE-2024-51507

    CVE-2024-51507

    Título es
    CVE-2024-51507

    Lun, 28/10/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51507

    Descripción en
    Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.

    29/10/2024
    29/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/r0ck3t1973/xss_payload/issues/9

  • https://security.tiki.org/Disclose-a-Vulnerability

    • Enviar en el boletín
    Off

    CVE-2024-51506

    CVE-2024-51506

    Título es
    CVE-2024-51506

    Lun, 28/10/2024 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51506

    Descripción en
    Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.

    29/10/2024
    29/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/r0ck3t1973/xss_payload/issues/8

  • https://security.tiki.org/Disclose-a-Vulnerability

    • Enviar en el boletín
    Off

    CVE-2024-50469

    CVE-2024-50469

    Título es
    CVE-2024-50469

    Lun, 28/10/2024 – 18:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-50469

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Bright Vessel Textboxes allows DOM-Based XSS.This issue affects Textboxes: from n/a through 0.1.3.1.

    28/10/2024
    28/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/textboxes/wordpress-textboxes-plugin-0-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-50468

    CVE-2024-50468

    Título es
    CVE-2024-50468

    Lun, 28/10/2024 – 18:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-50468

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Robinson Raptor Editor allows DOM-Based XSS.This issue affects Raptor Editor: from n/a through 1.0.20.

    28/10/2024
    28/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/wp-raptor/wordpress-raptor-editor-plugin-1-0-20-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off