noviembre 2024 - Página 53 de 117

12 Nov 2024

CVE-2024-49511

Título es

CVE-2024-49511

Mar, 12/11/2024 – 21:15

Tipo

CWE-125

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49511

Descripción en

InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

12/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://helpx.adobe.com/security/products/indesign/apsb24-88.html

Enviar en el boletín

Off

12 Nov 2024

CVE-2024-49510

Título es

CVE-2024-49510

Mar, 12/11/2024 – 21:15

Tipo

CWE-125

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49510

Descripción en

12/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://helpx.adobe.com/security/products/indesign/apsb24-88.html

Enviar en el boletín

Off

12 Nov 2024

CVE-2024-49509

Título es

CVE-2024-49509

Mar, 12/11/2024 – 21:15

Tipo

CWE-122

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49509

Descripción en

InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

12/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://helpx.adobe.com/security/products/indesign/apsb24-88.html

Enviar en el boletín

Off

12 Nov 2024

CVE-2024-51094

Título es

CVE-2024-51094

Mar, 12/11/2024 – 21:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-51094

Descripción en

An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the file /account/profile of the component "Name" field value under "Edit Your Profile".

12/11/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://gist.githubusercontent.com/Tommywarren/b3a6c6ae5a93dd67c863313f71f53a76/raw/ddff8cbbab5179f680ba3f5e94fc080575ad8913/CVE-2024-51094

Enviar en el boletín

Off

12 Nov 2024

CVE-2024-51093

Título es

CVE-2024-51093

Mar, 12/11/2024 – 21:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-51093

Descripción en

Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files.

12/11/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093

Enviar en el boletín

Off

12 Nov 2024

CVE-2024-11168

Título es

CVE-2024-11168

Mar, 12/11/2024 – 22:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-11168

Descripción en

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

12/11/2024

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X

Gravedad 4.0

6.30

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5

https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550

https://github.com/python/cpython/issues/103848

https://github.com/python/cpython/pull/103849

https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/

Enviar en el boletín

Off

12 Nov 2024

CVE-2024-51179

Título es

CVE-2024-51179

Mar, 12/11/2024 – 22:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-51179

Descripción en

An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establishment process.

12/11/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/Lakshmirnr/CVE-2024-51179

Enviar en el boletín

Off

12 Nov 2024

CVE-2024-48075

Título es

CVE-2024-48075

Mar, 12/11/2024 – 22:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-48075

Descripción en

A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL 09.09.24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.

12/11/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/RealTimeLogic/SharkSSL/commit/7045f6f254060640ff77eef2027f108fcc20e2f2

https://www.telekom.com/resource/blob/1083076/8bf5c03520005b8e699dfb9bce470fc7/dl-241104-cve-2024-48075-data.pdf

Enviar en el boletín

Off

12 Nov 2024

CVE-2024-47439

Título es

CVE-2024-47439

Mar, 12/11/2024 – 20:15

Tipo

CWE-476

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47439

Descripción en

Substance3D – Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

12/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

5.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html

Enviar en el boletín

Off

12 Nov 2024

CVE-2024-47440

Título es

CVE-2024-47440

Mar, 12/11/2024 – 20:15

Tipo

CWE-125

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47440

Descripción en

Substance3D – Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

12/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html

Enviar en el boletín

Off

Archivos mensuales: noviembre 2024