Filtered by vendor Ivanti
Subscriptions
Total
323 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-39709 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-24 | 7.8 High |
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-38655 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-24 | N/A |
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-38649 | 1 Ivanti | 1 Connect Secure | 2024-11-24 | N/A |
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. | ||||
CVE-2024-47906 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-22 | 7.8 High |
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | ||||
CVE-2024-11007 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-22 | 9.1 Critical |
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-11006 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-22 | 9.1 Critical |
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-11005 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-22 | 9.1 Critical |
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-11004 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | 6.1 Medium |
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | ||||
CVE-2024-37381 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29848 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A |
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | ||||
CVE-2024-29846 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29830 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29829 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29828 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.0 High |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29827 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29825 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29823 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29822 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-29205 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | N/A |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. |