Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-12 | CVE-2024-50328 | SQL Injection vulnerability in Ivanti Endpoint Manager: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
2024-11-12 | CVE-2024-50329 | Path Traversal vulnerability in Ivanti Endpoint Manager: Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. | 8.8 |
2024-11-12 | CVE-2024-50331 | Out-of-bounds Read vulnerability in Ivanti Avalanche: An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | 7.5 |
2024-11-12 | CVE-2024-8495 | NULL Pointer Dereference vulnerability in Ivanti Connect Secure 22.7/7.1/7.4: A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
2024-11-12 | CVE-2024-9420 | Use After Free vulnerability in Ivanti Connect Secure 7.1/7.4: A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution. | 8.8 |
2024-11-12 | CVE-2024-11125 | Cross-Site Request Forgery (CSRF) vulnerability in Get-Simple Getsimplecms 3.3.16: A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. | 4.3 |
2024-11-12 | CVE-2024-11127 | SQL Injection vulnerability in Anisha JOB Recruitment 1.0: A vulnerability was found in code-projects Job Recruitment up to 1.0. | 8.8 |
2024-11-12 | CVE-2024-11130 | Cross-site Scripting vulnerability in Zzcms: A vulnerability was found in ZZCMS up to 2023. | 4.8 |
2024-11-12 | CVE-2024-37365 | Unspecified vulnerability in Rockwellautomation Factorytalk View 14.0: A remote code execution vulnerability exists in the affected product. | 7.8 |
2024-11-12 | CVE-2024-50386 | Unspecified vulnerability in Apache Cloudstack: Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. | 9.9 |