Filtered by vendor Ivanti
Subscriptions
Total
345 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11633 | 1 Ivanti | 1 Connect Secure | 2025-01-17 | 9.1 Critical |
| Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution | ||||
| CVE-2024-11634 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | 9.1 Critical |
| Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx) | ||||
| CVE-2024-13181 | 1 Ivanti | 1 Avalanche | 2025-01-16 | 7.3 High |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | ||||
| CVE-2024-13180 | 1 Ivanti | 1 Avalanche | 2025-01-16 | 7.5 High |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | ||||
| CVE-2024-13179 | 1 Ivanti | 1 Avalanche | 2025-01-16 | 7.3 High |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | ||||
| CVE-2025-0283 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-01-14 | 7 High |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | 7.8 High |
| When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | ||||
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | 7.8 High |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | ||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | 7.8 High |
| A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | ||||
| CVE-2024-24992 | 1 Ivanti | 1 Avalanche | 2025-01-07 | N/A |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2023-35078 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-20 | 9.8 Critical |
| An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | ||||
| CVE-2024-10251 | 1 Ivanti | 1 Security Controls | 2024-12-20 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2024-9845 | 1 Ivanti | 1 Automation | 2024-12-19 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2024-50331 | 1 Ivanti | 1 Avalanche | 2024-12-18 | 7.5 High |
| An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | ||||
| CVE-2024-7612 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-18 | 8.8 High |
| Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | ||||
| CVE-2024-8496 | 1 Ivanti | 1 Workspace Control | 2024-12-14 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2024-39712 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-12-01 | N/A |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-39711 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-12-01 | N/A |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-39710 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-12-01 | N/A |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-38656 | 1 Ivanti | 2 Automation, Connect Secure | 2024-12-01 | 9.1 Critical |
| Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||