RiSec CyberAwareness Logo

CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: September 13, 2024. 03:00:39 UTC

click on an item for more info;

ID Description Modified References
CVE-2024-32840 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-32843 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-32845 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-32846 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-32848 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-34779 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-34783 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-34785 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-29847 Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-32842 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. September 12, 2024. 22:35:00 [forums.ivanti.com]
CVE-2024-8751 A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue. September 12, 2024. 22:15:00 [sick.com][cdn.sick.com]
CVE-2024-8322 Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. September 12, 2024. 21:56:00 [forums.ivanti.com]
CVE-2024-8321 Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. September 12, 2024. 21:53:00 [forums.ivanti.com]
CVE-2024-8441 An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. September 12, 2024. 21:53:00 [forums.ivanti.com]
CVE-2024-8320 Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. September 12, 2024. 21:51:00 [forums.ivanti.com]
CVE-2024-8191 SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. September 12, 2024. 21:50:00 [forums.ivanti.com]
CVE-2024-6121 An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. September 12, 2024. 21:42:00 [www.ni.com]
CVE-2023-46227 Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814 September 12, 2024. 21:35:00 [lists.apache.org]
CVE-2023-27793 An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information. September 12, 2024. 21:35:00 [www.bramfitt-tech-labs.com]
CVE-2023-27795 An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. September 12, 2024. 21:35:00 [www.bramfitt-tech-labs.com]


Page 1 of 1342



Discord Invite
View Disclaimer
Powered by NameCheap