KEV Catalog CVEs
Attaxion maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. 243,000+ CVEs are indexed from NVD, and those that have been added to the Known Exploited Vulnerabilities (KEV) Catalog recently are listed below.
CVE-2024-43047
Memory corruption while maintaining memory maps of HLOS memory.
CVE-2024-43572
Microsoft Management Console Remote Code Execution Vulnerability
CVE-2024-43573
Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-45519
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
CVE-2024-7593
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
CVE-2024-8963
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CVE-2024-6670
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
CVE-2024-43461
Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-8190
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
CVE-2024-38014
Windows Installer Elevation of Privilege Vulnerability