CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

473 matches found

RedhatCVE•added 2025/02/05 10:1 a.m.•9 views

CVE-2024-3029

In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multiusermode'. The...

9CVSS6.7AI score0.00731EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 4:59 a.m.•3 views

CVE-2024-10630

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality...

7.8CVSS6.4AI score0.00222EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 1:27 a.m.•7 views

CVE-2024-11598

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation...

7.8CVSS6.6AI score0.00206EPSS

Exploits0References1

NVD•added 2025/01/14 5:15 p.m.•11 views

CVE-2024-10630

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality...

7.8CVSS0.00222EPSS

Exploits0References1

Cvelist•added 2025/01/14 4:49 p.m.•13 views

CVE-2024-10630

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality...

7.8CVSS0.00222EPSS

Exploits0References1

Vulnrichment•added 2025/01/14 4:49 p.m.•5 views

CVE-2024-10630

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality...

7.8CVSS6.5AI score0.00222EPSS

Exploits0References1

CVE•added 2025/01/14 4:49 p.m.•55 views

CVE-2024-10630

CVE-2024-10630 affects Ivanti Application Control Engine. A race condition in versions prior to 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. The issue is documented across multiple sources (Ivanti security advisory, Red Hat/CISA entries, PT-sec...

7.8CVSS7.4AI score0.00222EPSS

Exploits0References1Affected Software2

Ivanti•added 2025/01/14 2:56 p.m.•10 views

Security Advisory - Ivanti Application Control Engine (CVE-2024-10630)

Summary Ivanti has released updates for Ivanti Application Control Engine which address a high severity vulnerability. Successful exploitation could lead to bypassing configured protections. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...

7.8CVSS6.5AI score0.00222EPSS

Exploits0

CISA•added 2025/01/14 12:0 p.m.•9 views

Ivanti Releases Security Updates for Multiple Products

Ivanti released security updates to address vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine, and Ivanti EPM. CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Ivanti Avalanchelink is...

7.8CVSS7.2AI score0.00222EPSS

Exploits0References3

CNNVD•added 2025/01/14 12:0 a.m.•3 views

Ivanti Application Control 安全漏洞

Ivanti Application Control is an application control software from Ivanti Corporation, USA. A security vulnerability previously existed in Ivanti Application Control version 10.14.4.0, which stemmed from the inclusion of a race condition issue. Allowing a locally authenticated attacker to exploit...

7.8CVSS6.3AI score0.00222EPSS

Exploits0References1

Positive Technologies•added 2025/01/14 12:0 a.m.•4 views

PT-2025-1601 · Ivanti · Ivanti Application Control Engine

Name of the Vulnerable Software and Affected Versions: Ivanti Application Control Engine versions prior to 10.14.4.0 Description: A race condition in the software allows a local authenticated attacker to bypass the application blocking functionality. Recommendations: For versions prior to...

7.8CVSS7.3AI score0.00222EPSS

Exploits0References5

OSV•added 2024/12/11 5:15 p.m.•4 views

CVE-2024-11598

7.8CVSS5.8AI score0.00206EPSS

Exploits0References1

NVD•added 2024/12/11 5:15 p.m.•13 views

CVE-2024-11598

7.8CVSS0.00206EPSS

Exploits0References1

CVE•added 2024/12/11 4:50 p.m.•51 views

CVE-2024-11598

Ivanti Application Control is affected by CVE-2024-11598 due to insecure permissions that enable local privilege escalation for a local authenticated attacker. Affected versions are pre-2024.3 HF1, pre-2024.1 HF2, and pre-2023.3 HF3. Mitigation: upgrade to 2024.3 HF1, 2024.1 HF4, or 2023.3 HF3, r...

7.8CVSS7.5AI score0.00206EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/12/11 4:50 p.m.•13 views

CVE-2024-11598

7.8CVSS0.00206EPSS

Exploits0References1

Vulnrichment•added 2024/12/11 4:50 p.m.•15 views

CVE-2024-11598

7.8CVSS7.5AI score0.00206EPSS

Exploits0References1

CNNVD•added 2024/12/11 12:0 a.m.•3 views

Ivanti Application Control 安全漏洞

Ivanti Application Control is an application control software from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Application Control that stems from improper privilege management. An attacker can exploit the vulnerability to elevate privileges...

7.8CVSS6.7AI score0.00206EPSS

Exploits0References1

Positive Technologies•added 2024/12/11 12:0 a.m.•4 views

PT-2024-17128 · Ivanti · Ivanti Application Control

Name of the Vulnerable Software and Affected Versions: Ivanti Application Control versions prior to 2024.3 HF1 Ivanti Application Control versions prior to 2024.1 HF2 Ivanti Application Control versions prior to 2023.3 HF3 Description: Under specific circumstances, insecure permissions in Ivanti...

7.8CVSS7AI score0.00206EPSS

Exploits0References6

Ivanti•added 2024/12/10 10:49 a.m.•9 views

December 2024 Security Advisory Ivanti Application Control (CVE-2024-11598)

Summary Ivanti has released updates for Ivanti Application Control which address one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CVE Number| Description| CVSS Score Severity| CVSS Vector| CW...

7.8CVSS6.6AI score0.00206EPSS

Exploits0

BDU FSTEC•added 2024/11/17 12:0 a.m.•2 views

The vulnerability of Windows Defender Application Control (WDAC) on Windows operating systems allows attackers to circumvent existing security restrictions.

The vulnerability of Windows Defender Application Control WDAC on Windows operating systems relates to a flaw in the data protection mechanism. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

6.8CVSS5.5AI score0.00537EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by