7.1

CVSS3.1

CVE-2024-7572 -

Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files.

πŸ“… Published: Dec. 10, 2024, 6:53 p.m. πŸ”„ Last Modified: July 11, 2025, 5:42 p.m.

8.8

CVSS3.1

CVE-2024-8540 -

Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0Β allow a local authenticated attacker to modify sensitive application components.

πŸ“… Published: Dec. 10, 2024, 6:52 p.m. πŸ”„ Last Modified: July 30, 2025, 5:44 p.m.

9.1

CVSS3.1

CVE-2024-11634 -

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

πŸ“… Published: Dec. 10, 2024, 6:48 p.m. πŸ”„ Last Modified: Jan. 17, 2025, 7:32 p.m.

9.1

CVSS3.1

CVE-2024-11633 -

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

πŸ“… Published: Dec. 10, 2024, 6:47 p.m. πŸ”„ Last Modified: Jan. 17, 2025, 7:35 p.m.

7.1

CVSS3.1

CVE-2024-9844 -

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

πŸ“… Published: Dec. 10, 2024, 6:46 p.m. πŸ”„ Last Modified: Jan. 17, 2025, 7:37 p.m.

7.1

CVSS3.1

CVE-2024-10256 -

Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.

πŸ“… Published: Dec. 10, 2024, 6:46 p.m. πŸ”„ Last Modified: Aug. 12, 2025, 7:04 p.m.

7.2

CVSS3.1

CVE-2024-54008 - Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform

An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.

πŸ“… Published: Dec. 10, 2024, 6:23 p.m. πŸ”„ Last Modified: Dec. 11, 2024, 2:15 p.m.

5.7

CVSS3.1

CVE-2024-53244 - Risky command safeguards bypass in β€œ/en-US/app/search/reportβ€œ endpoint through β€œsβ€œ parameter

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the β€œadminβ€œ or β€œpowerβ€œ Splunk roles could run a saved search with a risky command using the permissions of a hi…

πŸ“… Published: Dec. 10, 2024, 6:01 p.m. πŸ”„ Last Modified: March 6, 2025, 7:54 p.m.

5.3

CVSS3.1

CVE-2024-53246 - Sensitive Information Disclosure through SPL commands

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such …

πŸ“… Published: Dec. 10, 2024, 6:01 p.m. πŸ”„ Last Modified: July 12, 2025, 10 p.m.

4.3

CVSS3.1

CVE-2024-53243 - Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the β€œadminβ€œ or β€œpowerβ€œ Splunk roles could see alert search query responses using Splunk Secur…

πŸ“… Published: Dec. 10, 2024, 6 p.m. πŸ”„ Last Modified: July 13, 2025, 11:32 a.m.
Total resulsts: 343040
Page 6930 of 34,304
Β« previous page Β» next page
Filters