Total 262751 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8751 2024-09-12 7.5 High
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.
CVE-2024-7143 1 Redhat 3 Ansible Automation Platform, Rhui, Satellite 2024-09-12 N/A
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.
CVE-2024-3727 1 Redhat 18 Acm, Advanced Cluster Security, Ansible Automation Platform and 15 more 2024-09-12 8.3 High
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
CVE-2024-34785 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34783 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34779 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32848 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32846 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32845 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32843 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32842 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-29847 1 Ivanti 1 Endpoint Manager 2024-09-12 9.8 Critical
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-8322 1 Ivanti 1 Endpoint Manager 2024-09-12 4.3 Medium
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
CVE-2024-8441 1 Ivanti 1 Endpoint Manager 2024-09-12 6.7 Medium
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
CVE-2024-8321 1 Ivanti 1 Endpoint Manager 2024-09-12 5.8 Medium
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
CVE-2024-8320 1 Ivanti 2 Automation, Endpoint Manager 2024-09-12 5.3 Medium
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
CVE-2024-32840 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-8191 1 Ivanti 1 Endpoint Manager 2024-09-12 7.8 High
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-6121 1 Ni 2 Flexlogger, Systemlink 2024-09-12 7.8 High
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.
CVE-2024-34335 1 Ordat 1 Foss-online 2024-09-12 6.1 Medium
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.