Filtered by vendor Ivanti
Subscribe
Total
466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13181 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | |||||
| CVE-2024-13180 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.5 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | |||||
| CVE-2024-13179 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | |||||
| CVE-2025-0283 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-01-14 | N/A | 7.0 HIGH |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
| When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | |||||
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | |||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
| A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | |||||
| CVE-2024-50331 | 1 Ivanti | 1 Avalanche | 2024-12-18 | N/A | 7.5 HIGH |
| An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | |||||
| CVE-2024-7612 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-18 | N/A | 8.8 HIGH |
| Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | |||||
| CVE-2024-9845 | 1 Ivanti | 1 Automation | 2024-12-13 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-8496 | 1 Ivanti | 1 Workspace Control | 2024-12-13 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-10251 | 1 Ivanti | 1 Security Controls | 2024-12-13 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-11007 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-22 | N/A | 9.1 CRITICAL |
| Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-29846 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29830 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29829 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29828 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29827 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29825 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||