Security Vulnerabilities - Known exploited
CVE-2024-9379
Known exploited
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVSS Score
6.5
EPSS Score
0.838
Published
2024-10-08
CVE-2024-9380
Known exploited
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
CVSS Score
7.2
EPSS Score
0.842
Published
2024-10-08
CVE-2024-43047
Known exploited
Memory corruption while maintaining memory maps of HLOS memory.
CVSS Score
7.8
EPSS Score
0.003
Published
2024-10-07
CVE-2024-45519
Known exploited
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
CVSS Score
10.0
EPSS Score
0.942
Published
2024-10-02
CVE-2024-8963
Known exploited
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CVSS Score
9.4
EPSS Score
0.944
Published
2024-09-19
CVE-2024-8957
Known exploited
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
CVSS Score
7.2
EPSS Score
0.644
Published
2024-09-17
CVE-2024-8956
Known exploited
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. As a result, a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
CVSS Score
9.1
EPSS Score
0.865
Published
2024-09-17
CVE-2024-38813
Known exploited
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
CVSS Score
7.5
EPSS Score
0.146
Published
2024-09-17
CVE-2024-38812
Known exploited
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.594
Published
2024-09-17
CVE-2024-8190
Known exploited
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
CVSS Score
7.2
EPSS Score
0.924
Published
2024-09-10



Shodan ® - All rights reserved