Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-49521 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. | 7.7 |
| 2024-11-12 | CVE-2024-11007 | OS Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-47907 | Out-of-bounds Write vulnerability in Ivanti Connect Secure A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50317 | NULL Pointer Dereference vulnerability in Ivanti Avalanche A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50318 | NULL Pointer Dereference vulnerability in Ivanti Avalanche A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50319 | Infinite Loop vulnerability in Ivanti Avalanche An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50320 | Infinite Loop vulnerability in Ivanti Avalanche An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50321 | Infinite Loop vulnerability in Ivanti Avalanche An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50322 | Path Traversal vulnerability in Ivanti Endpoint Manager Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. | 7.8 |
| 2024-11-12 | CVE-2024-50323 | SQL Injection vulnerability in Ivanti Endpoint Manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. | 7.8 |