6.5

CVSS3.1

CVE-2024-8096 - OCSP stapling bypass with GnuTLS

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than…

📅 Published: Sept. 11, 2024, midnight 🔄 Last Modified: July 30, 2025, 7:42 p.m.

5.4

CVSS3.1

CVE-2024-44851 -

A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.

📅 Published: Sept. 11, 2024, midnight 🔄 Last Modified: Sept. 13, 2024, 4:34 p.m.

5.3

CVSS3.1

CVE-2024-45597 - Pluto's http.request allows CR and LF in header values

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table.

📅 Published: Sept. 10, 2024, 9:42 p.m. 🔄 Last Modified: March 5, 2025, 2:53 p.m.

6.7

CVSS3.1

CVE-2024-8441 -

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

📅 Published: Sept. 10, 2024, 9:01 p.m. 🔄 Last Modified: Sept. 12, 2024, 9:53 p.m.

4.3

CVSS3.1

CVE-2024-8322 -

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

📅 Published: Sept. 10, 2024, 8:59 p.m. 🔄 Last Modified: Sept. 12, 2024, 9:56 p.m.

5.8

CVSS3.1

CVE-2024-8321 -

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

📅 Published: Sept. 10, 2024, 8:54 p.m. 🔄 Last Modified: Sept. 12, 2024, 9:53 p.m.

5.3

CVSS3.1

CVE-2024-8320 -

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

📅 Published: Sept. 10, 2024, 8:52 p.m. 🔄 Last Modified: Sept. 12, 2024, 9:51 p.m.

7.8

CVSS3.1

CVE-2024-8191 -

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

📅 Published: Sept. 10, 2024, 8:50 p.m. 🔄 Last Modified: Sept. 12, 2024, 9:50 p.m.

8.8

CVSS3.1

CVE-2024-44107 -

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.

📅 Published: Sept. 10, 2024, 8:47 p.m. 🔄 Last Modified: June 12, 2025, 5:15 p.m.

8.8

CVSS3.1

CVE-2024-44106 -

Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

📅 Published: Sept. 10, 2024, 8:45 p.m. 🔄 Last Modified: June 12, 2025, 5:15 p.m.