CVE-2024-54528

CVE-2024-54528

Título es
CVE-2024-54528

Jue, 12/12/2024 – 02:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-54528

Descripción en
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to overwrite arbitrary files.

12/12/2024
12/12/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://support.apple.com/en-us/121839

  • https://support.apple.com/en-us/121840

  • https://support.apple.com/en-us/121842

    • Enviar en el boletín
    Off

    CVE-2024-54529

    CVE-2024-54529

    Título es
    CVE-2024-54529

    Jue, 12/12/2024 – 02:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-54529

    Descripción en
    A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.

    12/12/2024
    12/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://support.apple.com/en-us/121839

  • https://support.apple.com/en-us/121840

  • https://support.apple.com/en-us/121842

    • Enviar en el boletín
    Off

    CVE-2024-47758

    CVE-2024-47758

    Título es
    CVE-2024-47758

    Mié, 11/12/2024 – 16:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47758

    Descripción en
    GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.

    11/12/2024
    11/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    7.60

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/glpi-project/glpi/releases/tag/10.0.17

  • https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr

    • Enviar en el boletín
    Off

    CVE-2024-53677

    CVE-2024-53677

    Título es
    CVE-2024-53677

    Mié, 11/12/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53677

    Descripción en
    File upload logic is flawed vulnerability in Apache Struts.

    This issue affects Apache Struts: from 2.0.0 before 6.4.0.

    Users are recommended to upgrade to version 6.4.0, which fixes the issue.

    You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067

    11/12/2024
    11/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:L/U:Red

    Gravedad 4.0
    9.50

    Gravedad 4.0 txt
    CRITICAL

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://cwiki.apache.org/confluence/display/WW/S2-067

    • Enviar en el boletín
    Off

    CVE-2024-11598

    CVE-2024-11598

    Título es
    CVE-2024-11598

    Mié, 11/12/2024 – 17:15

    Tipo
    CWE-276

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11598

    Descripción en
    Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation.

    11/12/2024
    11/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Application-Control-CVE-2024-11598

    • Enviar en el boletín
    Off

    CVE-2024-11597

    CVE-2024-11597

    Título es
    CVE-2024-11597

    Mié, 11/12/2024 – 17:15

    Tipo
    CWE-276

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11597

    Descripción en
    Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation.

    11/12/2024
    11/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Performance-Manager-CVE-2024-11597

    • Enviar en el boletín
    Off

    CVE-2024-10251

    CVE-2024-10251

    Título es
    CVE-2024-10251

    Mié, 11/12/2024 – 17:15

    Tipo
    CWE-276

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-10251

    Descripción en
    Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation.

    11/12/2024
    11/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Security-Controls-iSec-CVE-2024-10251

    • Enviar en el boletín
    Off

    CVE-2024-47761

    CVE-2024-47761

    Título es
    CVE-2024-47761

    Mié, 11/12/2024 – 17:15

    Tipo
    CWE-287

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47761

    Descripción en
    GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

    11/12/2024
    11/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    7.50

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/glpi-project/glpi/releases/tag/10.0.17

  • https://github.com/glpi-project/glpi/security/advisories/GHSA-x794-564w-vgxx

    • Enviar en el boletín
    Off

    CVE-2024-47760

    CVE-2024-47760

    Título es
    CVE-2024-47760

    Mié, 11/12/2024 – 17:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47760

    Descripción en
    GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

    11/12/2024
    11/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    7.50

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/glpi-project/glpi/releases/tag/10.0.17

  • https://github.com/glpi-project/glpi/security/advisories/GHSA-r3mx-fr5f-gwgp

    • Enviar en el boletín
    Off

    CVE-2024-48912

    CVE-2024-48912

    Título es
    CVE-2024-48912

    Mié, 11/12/2024 – 17:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-48912

    Descripción en
    GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.

    11/12/2024
    11/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    7.20

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/glpi-project/glpi/releases/tag/10.0.17

  • https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f

    • Enviar en el boletín
    Off