Filtered by vendor Ivanti
Subscribe
Total
278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46266 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | |||||
| CVE-2023-46222 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-02-28 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46264 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-02-28 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-39336 | 1 Ivanti | 1 Endpoint Manager | 2024-02-28 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. | |||||
| CVE-2024-21888 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-02-28 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | |||||
| CVE-2023-46221 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-02-28 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46216 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-02-28 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46262 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 7.5 HIGH |
| An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | |||||
| CVE-2023-46258 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-02-28 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-32564 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-32562 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1. | |||||
| CVE-2023-32567 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 9.8 CRITICAL |
| Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236 | |||||
| CVE-2023-38041 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-02-28 | N/A | 7.0 HIGH |
| A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | |||||
| CVE-2023-32563 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 9.8 CRITICAL |
| An unauthenticated attacker could achieve the code execution through a RemoteControl server. | |||||
| CVE-2023-35083 | 1 Ivanti | 1 Endpoint Manager | 2024-02-28 | N/A | 6.5 MEDIUM |
| Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information. | |||||
| CVE-2023-35077 | 2 Ivanti, Microsoft | 2 Endpoint Manager, Windows | 2024-02-28 | N/A | 7.5 HIGH |
| An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above. | |||||
| CVE-2023-38343 | 1 Ivanti | 1 Endpoint Manager | 2024-02-28 | N/A | 7.5 HIGH |
| An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery. | |||||
| CVE-2023-32565 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | |||||
| CVE-2023-35084 | 1 Ivanti | 1 Endpoint Manager | 2024-02-28 | N/A | 9.8 CRITICAL |
| Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely. | |||||
| CVE-2023-32560 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 9.8 CRITICAL |
| An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | |||||