7.8
CVE-2024-50322 -
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security UpdateΒ allows a local unauthenticated attacker to achieve code execution. User interaction is required.
7.5
CVE-2024-50331 -
An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.
7.5
CVE-2024-50321 -
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-50320 -
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-50319 -
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-50318 -
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-50317 -
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-45289 - Unbounded allocation in ctl(4) CAM Target Layer
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting β¦
5.3
CVE-2024-39281 - Unbounded allocation in ctl(4) CAM Target Layer
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
6.8
CVE-2024-2315 - SMM arbitrary code execution in Overclock
APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.