7.2
CVE-2024-50324 -
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Updateย allows a remote authenticated attacker with admin privileges to achieve remote code execution.
7.8
CVE-2024-50323 -
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Updateย allows a local unauthenticated attacker to achieve code execution. User interaction is required.
7.8
CVE-2024-50322 -
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Updateย allows a local unauthenticated attacker to achieve code execution. User interaction is required.
7.5
CVE-2024-50331 -
An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.
7.5
CVE-2024-50321 -
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-50320 -
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-50319 -
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-50318 -
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-50317 -
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
7.5
CVE-2024-45289 - Unbounded allocation in ctl(4) CAM Target Layer
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting โฆ