Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2024
CVE-2024-50924
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-10
CVE-2024-50928
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-10
CVE-2024-50929
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).
CVSS Score
6.2
EPSS Score
0.001
Published
2024-12-10
CVE-2024-50930
An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-12-10
CVE-2024-50931
Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions.
CVSS Score
4.6
EPSS Score
0.001
Published
2024-12-10
CVE-2024-10256
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-12-10
CVE-2024-11633
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
CVSS Score
9.1
EPSS Score
0.127
Published
2024-12-10
CVE-2024-11634
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
CVSS Score
9.1
EPSS Score
0.142
Published
2024-12-10
CVE-2024-11639
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
CVSS Score
10.0
EPSS Score
0.081
Published
2024-12-10
CVE-2024-11772
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.098
Published
2024-12-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved