CVE-2024-8540
Published: 2024-12-10
CVE-2024-8540: Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application…
Priority: P4 (22), medium, 5.5 (CVSS 3.1)
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.25% (15.9th percentile)
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bytecodealliance | wasmtime | >= 12.0.0 < 21.0.2 | 21.0.2 |
| bytecodealliance | wasmtime | >= 22.0.0 < 22.0.1 | 22.0.1 |
| bytecodealliance | wasmtime | >= 23.0.0 < 23.0.3 | 23.0.3 |
| bytecodealliance | wasmtime | >= 24.0.0 < 24.0.1 | 24.0.1 |
| bytecodealliance | wasmtime | >= 25.0.0 < 25.0.2 | 25.0.2 |
| ivanti | standalone_sentry | < 9.20.2 | 9.20.2 |
| ivanti | standalone_sentry | — | — |
GHSA
GHSA-666h-ff6h-j7qq: Insecure permissions in Ivanti Sentry before versions 9
ghsa_unreviewed·2024-12-10
CVE-2024-8540 [HIGH] CWE-732 GHSA-666h-ff6h-j7qq: Insecure permissions in Ivanti Sentry before versions 9
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
GHSA
wasmtime has a runtime crash when combining tail calls with trapping imports
ghsa·2024-10-09
CVE-2024-47763 [MEDIUM] CWE-617 wasmtime has a runtime crash when combining tail calls with trapping imports
### Impact
Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later.
[WebAssembly tail calls](https://github.com/webassembly/tail-call) are a proposal which relatively recently reached stage 4 in the [standardization process](https://github.com/WebAssembly/proposals/). Wasmtime first enabled support for tail calls by default [in Wasmtime 21.0.0](https://github.com/bytecodealliance/wasmtime/pull/8540), although that release contained a b
Ivanti
Ivanti Security Advisory: CVE-2024-8540
vendor_ivanti·2024-12-10·CVSS 8.8
CVE-2024-8540 [HIGH] CWE-732 Ivanti Security Advisory: CVE-2024-8540
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
CVE IDs: CVE-2024-8540
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-732
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.