diciembre 2024 - Página 3 de 153

31 Dic 2024

CVE-2024-56802

Título es

CVE-2024-56802

Mar, 31/12/2024 – 16:15

Tipo

CWE-285

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56802

Descripción en

Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2.

31/12/2024

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Gravedad 4.0

8.70

Gravedad 4.0 txt

HIGH

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/PacoVK/tapir/commit/c36360b611fa0ba4f5e250fa43ecf8a294785a03

https://github.com/PacoVK/tapir/security/advisories/GHSA-rj9m-qf65-f5gg

Enviar en el boletín

Off

31 Dic 2024

CVE-2024-55631

Título es

CVE-2024-55631

Mar, 31/12/2024 – 17:15

Tipo

CWE-269

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-55631

Descripción en

An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

31/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://success.trendmicro.com/en-US/solution/KA-0018217

Enviar en el boletín

Off

31 Dic 2024

CVE-2024-55955

Título es

CVE-2024-55955

Mar, 31/12/2024 – 17:15

Tipo

CWE-427

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-55955

Descripción en

An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

31/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

6.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://success.trendmicro.com/en-US/solution/KA-0018571

Enviar en el boletín

Off

31 Dic 2024

CVE-2024-55917

Título es

CVE-2024-55917

Mar, 31/12/2024 – 17:15

Tipo

CWE-346

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-55917

Descripción en

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

31/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://success.trendmicro.com/en-US/solution/KA-0018217

Enviar en el boletín

Off

31 Dic 2024

CVE-2024-55632

Título es

CVE-2024-55632

Mar, 31/12/2024 – 17:15

Tipo

CWE-269

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-55632

Descripción en

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

31/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://success.trendmicro.com/en-US/solution/KA-0018217

Enviar en el boletín

Off

31 Dic 2024

CVE-2024-56061

Título es

CVE-2024-56061

Mar, 31/12/2024 – 14:15

Tipo

CWE-862

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56061

Descripción en

Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119.

31/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

8.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/computer-repair-shop/vulnerability/wordpress-repairbuddy-plugin-3-8119-account-takeover-vulnerability?_s_id=cve

Enviar en el boletín

Off

31 Dic 2024

CVE-2024-56045

Título es

CVE-2024-56045

Mar, 31/12/2024 – 14:15

Tipo

CWE-35

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56045

Descripción en

Path Traversal: '…/…//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.

31/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-unauthenticated-arbitrary-directory-deletion-vulnerability?_s_id=cve

Enviar en el boletín

Off

31 Dic 2024

CVE-2024-56044

Título es

CVE-2024-56044

Mar, 31/12/2024 – 14:15

Tipo

CWE-288

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56044

Descripción en

Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS allows Authentication Bypass.This issue affects WPLMS: from n/a through 1.9.9.

31/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-arbitrary-user-token-generation-vulnerability?_s_id=cve

Enviar en el boletín

Off

31 Dic 2024

CVE-2024-56043

Título es

CVE-2024-56043

Mar, 31/12/2024 – 14:15

Tipo

CWE-266

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56043

Descripción en

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.

31/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

Enviar en el boletín

Off

31 Dic 2024

CVE-2024-56207

Título es

CVE-2024-56207

Mar, 31/12/2024 – 14:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56207

Descripción en

Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard Dev Team EditionGuard for WooCommerce – eBook Sales with DRM allows Privilege Escalation.This issue affects EditionGuard for WooCommerce – eBook Sales with DRM: from n/a through 3.4.2.

31/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

8.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/editionguard-for-woocommerce-ebook-sales-with-drm/vulnerability/wordpress-editionguard-for-woocommerce-ebook-sales-with-drm-plugin-3-4-2-csrf-to-privilege-escalation-vulnerability?_s_id=cve

Enviar en el boletín

Off

Archivos mensuales: diciembre 2024