2251
|
6.7 |
MEDIUM
Local
|
ivanti
|
endpoint_manager
|
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-8441
|
2024-09-13 06:53 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2252
|
8.6 |
HIGH
Network
ivanti
|
endpoint_manager
|
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8321
|
2024-09-13 06:53 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2253
|
5.3 |
MEDIUM
Network
ivanti
|
endpoint_manager
|
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8320
|
2024-09-13 06:51 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2254
|
9.8 |
CRITICAL
Network
ivanti
|
endpoint_manager
|
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
|
CWE-89
SQL Injection
|
CVE-2024-8191
|
2024-09-13 06:50 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2255
|
7.8 |
HIGH
Local
|
ni
|
flexlogger systemlink
|
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. …
|
NVD-CWE-Other
|
CVE-2024-6121
|
2024-09-13 06:42 |
2024-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2256
|
9.8 |
CRITICAL
Network
ixpdata
|
easyinstall
|
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.
|
NVD-CWE-noinfo
|
CVE-2023-30131
|
2024-09-13 06:35 |
2023-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2257
|
7.8 |
HIGH
Local
|
ixpdata
|
easyinstall
|
An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key.
|
NVD-CWE-noinfo
|
CVE-2023-27795
|
2024-09-13 06:35 |
2023-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2258
|
7.8 |
HIGH
Local
|
ixpdata
|
easyinstall
|
An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.
|
NVD-CWE-noinfo
|
CVE-2023-27793
|
2024-09-13 06:35 |
2023-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2259
|
7.5 |
HIGH
Network
apache
|
inlong
|
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.
This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2023-46227
|
2024-09-13 06:35 |
2023-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2260
|
6.8 |
MEDIUM
Adjacent
|
safie
|
qbic_cloud_cc-2\/2l_firmware safie_one_firmware
|
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communi…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-39771
|
2024-09-13 06:34 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|