Security Vulnerabilities - Known exploited
CVE-2024-9680
Known exploited
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
CVSS Score: 9.8
EPSS Score: 0.117
Published: 2024-10-09
CVE-2024-43572
Known exploited
Microsoft Management Console Remote Code Execution Vulnerability
CVSS Score: 7.8
EPSS Score: 0.595
Published: 2024-10-08
CVE-2024-43573
Known exploited
Windows MSHTML Platform Spoofing Vulnerability
CVSS Score: 6.5
EPSS Score: 0.085
Published: 2024-10-08
CVE-2024-9379
Known exploited
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVSS Score: 6.5
EPSS Score: 0.838
Published: 2024-10-08
CVE-2024-9380
Known exploited
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
CVSS Score: 7.2
EPSS Score: 0.83
Published: 2024-10-08
CVE-2024-43047
Known exploited
Memory corruption while maintaining memory maps of HLOS memory.
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2024-10-07
CVE-2024-45519
Known exploited
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
CVSS Score: 10.0
EPSS Score: 0.942
Published: 2024-10-02
CVE-2024-8963
Known exploited
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CVSS Score: 9.4
EPSS Score: 0.943
Published: 2024-09-19
CVE-2024-8957
Known exploited
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
CVSS Score: 7.2
EPSS Score: 0.46
Published: 2024-09-17
CVE-2024-8956
Known exploited
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. As a result, a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
CVSS Score: 9.1
EPSS Score: 0.869
Published: 2024-09-17


Shodan ® - All rights reserved