ID | CVSS | Summary | Last (major) update | Published | |
CVE-2024-32840 | None |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-32843 | None |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-32845 | None |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-32846 | None |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-32848 | None |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-34779 | None |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-34783 | None |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-34785 | None |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-29847 | None |
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-32842 | None |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
12-09-2024 - 22:35 | 12-09-2024 - 02:15 | |
CVE-2024-8751 | None |
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respect
|
12-09-2024 - 22:15 | 12-09-2024 - 22:15 | |
CVE-2024-8322 | None |
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
|
12-09-2024 - 21:56 | 10-09-2024 - 21:15 | |
CVE-2024-8321 | None |
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
|
12-09-2024 - 21:53 | 10-09-2024 - 21:15 | |
CVE-2024-8441 | None |
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
|
12-09-2024 - 21:53 | 10-09-2024 - 21:15 | |
CVE-2024-8320 | None |
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
|
12-09-2024 - 21:51 | 10-09-2024 - 21:15 | |
CVE-2024-8191 | None |
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
|
12-09-2024 - 21:50 | 10-09-2024 - 21:15 | |
CVE-2024-6121 | None |
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior ve
|
12-09-2024 - 21:42 | 22-07-2024 - 20:15 | |
CVE-2024-41629 | None |
An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials
|
12-09-2024 - 21:35 | 12-09-2024 - 18:15 | |
CVE-2024-8695 | None |
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
|
12-09-2024 - 21:35 | 12-09-2024 - 18:15 | |
CVE-2024-8696 | None |
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
|
12-09-2024 - 21:35 | 12-09-2024 - 18:15 | |
CVE-2024-25270 | None |
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.
|
12-09-2024 - 21:35 | 12-09-2024 - 19:15 | |
CVE-2024-34334 | None |
ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.
|
12-09-2024 - 21:35 | 12-09-2024 - 19:15 | |
CVE-2024-34335 | None |
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.
|
12-09-2024 - 21:35 | 12-09-2024 - 19:15 | |
CVE-2020-24061 | None |
Cross-site scripting (XSS) vulnerability in the Firewall menu of the Control Panel in KASDA KW5515 version 4.3.1.0 allows attackers to execute arbitrary code and steal cookies via a crafted script.
|
12-09-2024 - 21:35 | 12-09-2024 - 18:15 | |
CVE-2023-27793 | None |
An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.
|
12-09-2024 - 21:35 | 19-10-2023 - 21:15 | |
CVE-2023-27795 | None |
An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key.
|
12-09-2024 - 21:35 | 19-10-2023 - 21:15 | |
CVE-2023-30131 | None |
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.
|
12-09-2024 - 21:35 | 19-10-2023 - 21:15 | |
CVE-2023-46227 | None |
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or che
|
12-09-2024 - 21:35 | 19-10-2023 - 10:15 | |
CVE-2024-20430 | None |
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths
|
12-09-2024 - 21:34 | 12-09-2024 - 20:15 | |
CVE-2024-44459 | None |
A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption.
|
12-09-2024 - 21:34 | 12-09-2024 - 20:15 | |
CVE-2024-44460 | None |
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
|
12-09-2024 - 21:34 | 12-09-2024 - 20:15 | |
CVE-2024-45607 | None |
whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyo
|
12-09-2024 - 21:34 | 12-09-2024 - 20:15 | |
CVE-2024-6077 | None |
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.
|
12-09-2024 - 21:34 | 12-09-2024 - 20:15 | |
CVE-2024-8533 | None |
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
|
12-09-2024 - 21:34 | 12-09-2024 - 20:15 | |
CVE-2024-7960 | None |
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to f
|
12-09-2024 - 21:34 | 12-09-2024 - 21:15 | |
CVE-2024-7961 | None |
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
|
12-09-2024 - 21:34 | 12-09-2024 - 21:15 | |
CVE-2024-34336 | None |
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-36066 | None |
The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-45181 | None |
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-45182 | None |
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-45303 | None |
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discours
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-45383 | None |
A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which lead
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-4472 | None |
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs.
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-6678 | None |
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under c
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-8311 | None |
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-8641 | None |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLa
|
12-09-2024 - 21:34 | 12-09-2024 - 19:15 | |
CVE-2024-39771 | None |
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-mi
|
12-09-2024 - 21:34 | 28-08-2024 - 06:15 | |
CVE-2024-43414 | None |
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner >=2.0.
|
12-09-2024 - 21:33 | 27-08-2024 - 18:15 | |
CVE-2024-43783 | None |
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial of ser
|
12-09-2024 - 21:33 | 27-08-2024 - 18:15 |