Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-12-10 CVE-2024-49552 Out-of-bounds Write vulnerability in Adobe Media Encoder
Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
adobe CWE-787
7.8
2024-12-10 CVE-2024-49553 Out-of-bounds Write vulnerability in Adobe Media Encoder
Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
adobe CWE-787
7.8
2024-12-10 CVE-2024-11633 Argument Injection or Modification vulnerability in Ivanti Connect Secure
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
network
low complexity
ivanti CWE-88
7.2
2024-12-10 CVE-2024-11634 Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-77
7.2
2024-12-10 CVE-2024-11772 Command Injection vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-77
7.2
2024-12-10 CVE-2024-11773 SQL Injection vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
network
low complexity
ivanti CWE-89
7.2
2024-12-10 CVE-2024-9844 Unspecified vulnerability in Ivanti Connect Secure
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.
network
low complexity
ivanti
8.8
2024-12-10 CVE-2024-53246 Cleartext Transmission of Sensitive Information vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information.
network
low complexity
splunk CWE-319
7.5
2024-12-10 CVE-2024-55602 Unspecified vulnerability in Pwndoc Project Pwndoc
PwnDoc is a penetration test report generator.
network
low complexity
pwndoc-project
8.5
2024-12-10 CVE-2024-10494 Unspecified vulnerability in NI Labview
An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution.
local
low complexity
ni
7.8