8.8

CVSS3.1

CVE-2024-12382 -

Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

๐Ÿ“… Published: Dec. 11, 2024, 5:52 p.m. ๐Ÿ”„ Last Modified: Dec. 17, 2024, 4:56 a.m.

8.8

CVSS3.1

CVE-2024-12381 -

Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

๐Ÿ“… Published: Dec. 11, 2024, 5:52 p.m. ๐Ÿ”„ Last Modified: Dec. 17, 2024, 4:56 a.m.

9.3

CVSS4.0

CVE-2024-50339 - GLPI vulnerable to unauthenticated session hijacking

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue.

๐Ÿ“… Published: Dec. 11, 2024, 5:48 p.m. ๐Ÿ”„ Last Modified: Jan. 10, 2025, 6:48 p.m.

7.2

CVSS4.0

CVE-2024-48912 - GLPI vulnerable to authenticated insecure account deletion

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.

๐Ÿ“… Published: Dec. 11, 2024, 5:03 p.m. ๐Ÿ”„ Last Modified: Jan. 10, 2025, 7:37 p.m.

7.5

CVSS4.0

CVE-2024-47761 - GLPI vulnerable to account takeover via the password reset feature

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

๐Ÿ“… Published: Dec. 11, 2024, 5 p.m. ๐Ÿ”„ Last Modified: Jan. 23, 2025, 8:37 p.m.

7.5

CVSS4.0

CVE-2024-47760 - GLPI vulnerable to account takeover via API

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

๐Ÿ“… Published: Dec. 11, 2024, 4:56 p.m. ๐Ÿ”„ Last Modified: Jan. 23, 2025, 8:23 p.m.

7.8

CVSS3.1

CVE-2024-11598 -

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation.

๐Ÿ“… Published: Dec. 11, 2024, 4:50 p.m. ๐Ÿ”„ Last Modified: Jan. 23, 2025, 8:12 p.m.

7.8

CVSS3.1

CVE-2024-11597 -

Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation.

๐Ÿ“… Published: Dec. 11, 2024, 4:49 p.m. ๐Ÿ”„ Last Modified: Jan. 23, 2025, 8:02 p.m.

7.8

CVSS3.1

CVE-2024-8496 -

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.

๐Ÿ“… Published: Dec. 11, 2024, 4:43 p.m. ๐Ÿ”„ Last Modified: Dec. 14, 2024, 4:55 a.m.

7.8

CVSS3.1

CVE-2024-9845 -

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.

๐Ÿ“… Published: Dec. 11, 2024, 4:41 p.m. ๐Ÿ”„ Last Modified: Dec. 19, 2024, 4:55 a.m.
Total resulsts: 346752
Page 7280 of 34,676
ยซ previous page ยป next page
Filters