7.5

CVSS3.1

CVE-2024-47907 -

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

πŸ“… Published: Nov. 12, 2024, 4 p.m. πŸ”„ Last Modified: Nov. 18, 2024, 3:09 p.m.

7.8

CVSS3.1

CVE-2024-47906 -

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

πŸ“… Published: Nov. 12, 2024, 3:59 p.m. πŸ”„ Last Modified: Jan. 17, 2025, 8:27 p.m.

6.5

CVSS3.1

CVE-2024-52296 - libosdp has a null pointer deref in osdp_reply_name

libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid, but names array do not declare all of the …

πŸ“… Published: Nov. 12, 2024, 3:58 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-9420 -

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

πŸ“… Published: Nov. 12, 2024, 3:57 p.m. πŸ”„ Last Modified: March 13, 2025, 4:15 p.m.

4.9

CVSS3.1

CVE-2024-47905 -

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

πŸ“… Published: Nov. 12, 2024, 3:56 p.m. πŸ”„ Last Modified: Nov. 18, 2024, 3:08 p.m.

9.8

CVSS3.1

CVE-2024-52297 - Tolgee's configuration all configuration properties leaked in public configuration DTO

Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in v3.81.2.

πŸ“… Published: Nov. 12, 2024, 3:54 p.m. πŸ”„ Last Modified: Sept. 11, 2025, 9:27 p.m.

4.3

CVSS3.1

CVE-2024-10971 -

Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.

πŸ“… Published: Nov. 12, 2024, 3:52 p.m. πŸ”„ Last Modified: June 27, 2025, 6:47 p.m.

5.5

CVSS3.1

CVE-2024-47535 - Denial of Service attack on windows app using Netty

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to…

πŸ“… Published: Nov. 12, 2024, 3:50 p.m. πŸ”„ Last Modified: Sept. 5, 2025, 2 p.m.

9

CVSS3.1

CVE-2024-43415 - Decidim-Awesome: SQL injection in AdminAccountability

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands.

πŸ“… Published: Nov. 12, 2024, 3:45 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-50330 -

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security UpdateΒ allows a remote unauthenticated attacker to achieve remote code execution.

πŸ“… Published: Nov. 12, 2024, 3:42 p.m. πŸ”„ Last Modified: April 23, 2025, 9:29 p.m.
Total resulsts: 347748
Page 7787 of 34,775
Β« previous page Β» next page
Filters