KEV Catalog CVEs
Attaxion maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. 243,000+ CVEs are indexed from NVD, and those that have been added to the Known Exploited Vulnerabilities (KEV) Catalog recently are listed below.
CVE-2024-9379
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVE-2024-9380
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
CVE-2024-43572
Microsoft Management Console Remote Code Execution Vulnerability
CVE-2024-43573
Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-43047
Memory corruption while maintaining memory maps of HLOS memory.
CVE-2024-45519
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
CVE-2024-7593
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
CVE-2024-8963
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CVE-2024-43461
Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-6670
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.