Filtered by vendor Ivanti
Subscriptions
Total
480 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7612 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-18 | 8.8 High |
| Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | ||||
| CVE-2024-8496 | 1 Ivanti | 1 Workspace Control | 2024-12-14 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2023-39340 | 1 Ivanti | 1 Connect Secure | 2024-11-27 | 7.5 High |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | ||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2024-11007 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-22 | 9.1 Critical |
| Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-29846 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29830 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29829 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29828 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29827 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29825 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29823 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29822 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-29205 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | N/A |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. | ||||
| CVE-2024-22053 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | 8.2 High |
| A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. | ||||
| CVE-2024-22052 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | 7.5 High |
| A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack | ||||
| CVE-2024-22023 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | 5.3 Medium |
| An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. | ||||
| CVE-2024-21894 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | 9.8 Critical |
| A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code | ||||