Filtered by vendor Ivanti
Subscriptions
Total
345 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2024-11-29 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-21893 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2024-11-29 | 8.2 High |
| A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | ||||
| CVE-2023-39340 | 1 Ivanti | 1 Connect Secure | 2024-11-27 | 7.5 High |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | ||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2024-8190 | 1 Ivanti | 1 Cloud Services Appliance | 2024-11-26 | 7.2 High |
| An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. | ||||
| CVE-2024-39709 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-23 | 7.8 High |
| Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-38655 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-23 | N/A |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-38649 | 1 Ivanti | 1 Connect Secure | 2024-11-23 | N/A |
| An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-11007 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-22 | 9.1 Critical |
| Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-37381 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29848 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A |
| An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-29846 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29830 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29829 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29828 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29827 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29825 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29823 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||