CVE-2024-29847 : IVANTI EPM 2024/UP TO 2022 SU5 AGENT PORTAL DESERIALIZATION
Description Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker…
CVE-2024-21529 : DSET UP TO 3.1.3 PROTOTYPE POLLUTION
Description Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows…
CVE-2024-43690 : GALLAGHER COMMAND CENTRE SERVER INCLUSION OF FUNCTIONALITY FROM UNTRUSTED CONTROL SPHERE
Description Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).…
CVE-2024-8503 : VICIDIAL 2.14-917A SQL INJECTION
Description An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the…
CVE-2024-45409 : SAML-TOOLKITS RUBY-SAML UP TO 1.12.2/1.16.X SAML RESPONSE SIGNATURE VERIFICATION
Description The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in
CVE-2024-44107 : IVANTI WORKSPACE CONTROL UP TO 10.18.50.0 MANAGEMENT CONSOLE UNCONTROLLED SEARCH PATH
Description DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and…