Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2024
CVE-2024-8626
Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-10-08
CVE-2024-9124
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-10-08
CVE-2024-9167
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.
CVSS Score
7.8
EPSS Score
0.004
Published
2024-10-08
CVE-2024-9379
Known exploited
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVSS Score
6.5
EPSS Score
0.817
Published
2024-10-08
CVE-2024-9380
Known exploited
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
CVSS Score
7.2
EPSS Score
0.881
Published
2024-10-08
CVE-2024-47010
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVSS Score
7.3
EPSS Score
0.012
Published
2024-10-08
CVE-2024-47011
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
CVSS Score
7.5
EPSS Score
0.4
Published
2024-10-08
CVE-2024-7612
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-10-08
CVE-2024-47007
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.038
Published
2024-10-08
CVE-2024-47008
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score
7.5
EPSS Score
0.431
Published
2024-10-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved