9.1

CVSS3.1

CVE-2024-11005 -

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

๐Ÿ“… Published: Nov. 12, 2024, 4:07 p.m. ๐Ÿ”„ Last Modified: Jan. 17, 2025, 8:23 p.m.

8.6

CVSS4.0

CVE-2024-52010 - Zoraxy has an authenticated command injection in the Web SSH feature

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH seโ€ฆ

๐Ÿ“… Published: Nov. 12, 2024, 4:06 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 5:15 p.m.

9.1

CVSS3.1

CVE-2024-11006 -

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

๐Ÿ“… Published: Nov. 12, 2024, 4:06 p.m. ๐Ÿ”„ Last Modified: Jan. 17, 2025, 8:23 p.m.

9.1

CVSS3.1

CVE-2024-11007 -

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

๐Ÿ“… Published: Nov. 12, 2024, 4:05 p.m. ๐Ÿ”„ Last Modified: Nov. 22, 2024, 5:15 p.m.

7.5

CVSS3.1

CVE-2024-8495 -

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

๐Ÿ“… Published: Nov. 12, 2024, 4:04 p.m. ๐Ÿ”„ Last Modified: Jan. 17, 2025, 8:04 p.m.

4.9

CVSS3.1

CVE-2024-47909 -

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

๐Ÿ“… Published: Nov. 12, 2024, 4:02 p.m. ๐Ÿ”„ Last Modified: Nov. 19, 2024, 5:10 p.m.

7.5

CVSS3.1

CVE-2024-47907 -

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

๐Ÿ“… Published: Nov. 12, 2024, 4 p.m. ๐Ÿ”„ Last Modified: Nov. 18, 2024, 3:09 p.m.

7.8

CVSS3.1

CVE-2024-47906 -

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

๐Ÿ“… Published: Nov. 12, 2024, 3:59 p.m. ๐Ÿ”„ Last Modified: Jan. 17, 2025, 8:27 p.m.

6.5

CVSS3.1

CVE-2024-52296 - libosdp has a null pointer deref in osdp_reply_name

libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid, but names array do not declare all of the โ€ฆ

๐Ÿ“… Published: Nov. 12, 2024, 3:58 p.m. ๐Ÿ”„ Last Modified: Nov. 19, 2024, 5:01 p.m.

8.8

CVSS3.1

CVE-2024-9420 -

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

๐Ÿ“… Published: Nov. 12, 2024, 3:57 p.m. ๐Ÿ”„ Last Modified: March 13, 2025, 4:15 p.m.
Total resulsts: 343923
Page 7404 of 34,393
ยซ previous page ยป next page
Filters