Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-11005 | OS Command Injection vulnerability in Ivanti Connect Secure and Policy Secure Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-11006 | OS Command Injection vulnerability in Ivanti Connect Secure and Policy Secure Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-49521 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. | 7.7 |
| 2024-11-12 | CVE-2024-49527 | Out-of-bounds Read vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
| 2024-11-12 | CVE-2024-7571 | Unspecified vulnerability in Ivanti Secure Access Client Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-11-12 | CVE-2024-8539 | Unspecified vulnerability in Ivanti Secure Access Client Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. | 7.1 |
| 2024-11-12 | CVE-2024-9842 | Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Secure Access Client Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | 3.3 |
| 2024-11-12 | CVE-2024-9843 | Out-of-bounds Read vulnerability in Ivanti Secure Access Client A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. | 5.5 |
| 2024-11-12 | CVE-2024-11007 | OS Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-47905 | Out-of-bounds Write vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | 4.9 |