5.5

CVSS3.1

CVE-2024-49527 - Animate | Out-of-bounds Read (CWE-125)

Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim โ€ฆ

๐Ÿ“… Published: Nov. 12, 2024, 4:14 p.m. ๐Ÿ”„ Last Modified: Nov. 18, 2024, 6:39 p.m.

7.8

CVSS3.1

CVE-2024-49528 - Animate | Out-of-bounds Write (CWE-787)

Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

๐Ÿ“… Published: Nov. 12, 2024, 4:14 p.m. ๐Ÿ”„ Last Modified: Nov. 18, 2024, 6:34 p.m.

7.8

CVSS3.1

CVE-2024-49526 - Animate | Use After Free (CWE-416)

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

๐Ÿ“… Published: Nov. 12, 2024, 4:14 p.m. ๐Ÿ”„ Last Modified: Nov. 18, 2024, 6:41 p.m.

7.8

CVSS3.1

CVE-2024-7571 -

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

๐Ÿ“… Published: Nov. 12, 2024, 4:14 p.m. ๐Ÿ”„ Last Modified: Jan. 17, 2025, 7:45 p.m.

5

CVSS3.1

CVE-2024-9843 -

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

๐Ÿ“… Published: Nov. 12, 2024, 4:13 p.m. ๐Ÿ”„ Last Modified: Jan. 17, 2025, 8 p.m.

7.3

CVSS3.1

CVE-2024-9842 -

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.

๐Ÿ“… Published: Nov. 12, 2024, 4:12 p.m. ๐Ÿ”„ Last Modified: Jan. 17, 2025, 7:55 p.m.

7.1

CVSS3.1

CVE-2024-8539 -

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

๐Ÿ“… Published: Nov. 12, 2024, 4:11 p.m. ๐Ÿ”„ Last Modified: Jan. 17, 2025, 8:02 p.m.

6.1

CVSS3.1

CVE-2024-11004 -

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

๐Ÿ“… Published: Nov. 12, 2024, 4:09 p.m. ๐Ÿ”„ Last Modified: April 4, 2025, 2:34 p.m.

9.1

CVSS3.1

CVE-2024-11005 -

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

๐Ÿ“… Published: Nov. 12, 2024, 4:07 p.m. ๐Ÿ”„ Last Modified: Jan. 17, 2025, 8:23 p.m.

8.6

CVSS4.0

CVE-2024-52010 - Zoraxy has an authenticated command injection in the Web SSH feature

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH seโ€ฆ

๐Ÿ“… Published: Nov. 12, 2024, 4:06 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 5:15 p.m.
Total resulsts: 343921
Page 7403 of 34,393
ยซ previous page ยป next page
Filters