Filtered by vendor Ivanti Subscriptions
Total 323 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-39709 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-24 7.8 High
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.
CVE-2024-38655 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-24 N/A
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-38649 1 Ivanti 1 Connect Secure 2024-11-24 N/A
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-47906 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-22 7.8 High
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
CVE-2024-11007 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-22 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11006 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-22 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11005 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-22 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11004 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 6.1 Medium
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVE-2024-37381 1 Ivanti 1 Endpoint Manager 2024-11-21 N/A
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.
CVE-2024-29848 1 Ivanti 1 Avalanche 2024-11-21 N/A
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CVE-2024-29846 1 Ivanti 1 Endpoint Manager 2024-11-21 8.0 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVE-2024-29830 1 Ivanti 1 Endpoint Manager 2024-11-21 8.0 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVE-2024-29829 1 Ivanti 1 Endpoint Manager 2024-11-21 8.0 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVE-2024-29828 1 Ivanti 1 Endpoint Manager 2024-11-21 8.0 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVE-2024-29827 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-29826 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-29825 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-29823 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-29822 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-29205 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 N/A
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.