Filtered by vendor Ivanti
Subscribe
Total
278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50327 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-50326 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-50328 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-50329 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 8.8 HIGH |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | |||||
| CVE-2024-50324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-50323 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.8 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
| CVE-2024-50322 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.8 HIGH |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
| CVE-2024-37398 | 1 Ivanti | 1 Secure Access Client | 2024-11-18 | N/A | 7.8 HIGH |
| Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2024-47909 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-18 | N/A | 4.9 MEDIUM |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | |||||
| CVE-2024-47907 | 1 Ivanti | 1 Connect Secure | 2024-11-18 | N/A | 7.5 HIGH |
| A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-47905 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-18 | N/A | 4.9 MEDIUM |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | |||||
| CVE-2024-11007 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-18 | N/A | 7.2 HIGH |
| Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-50318 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
| A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-50317 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
| A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-50321 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
| An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-50320 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
| An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-50319 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
| An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-29211 | 1 Ivanti | 1 Secure Access Client | 2024-11-14 | N/A | 4.7 MEDIUM |
| A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. | |||||
| CVE-2024-36130 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-10-24 | N/A | 9.8 CRITICAL |
| An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | |||||
| CVE-2024-9381 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-16 | N/A | 7.2 HIGH |
| Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | |||||