Filtered by vendor Ivanti
Subscribe
Total
454 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35077 | 2 Ivanti, Microsoft | 2 Endpoint Manager, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above. | |||||
| CVE-2023-32567 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
| Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. | |||||
| CVE-2023-32566 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | |||||
| CVE-2023-32565 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | |||||
| CVE-2023-32564 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-32563 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
| An unauthenticated attacker could achieve the code execution through a RemoteControl server. | |||||
| CVE-2023-28324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
| A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | |||||
| CVE-2023-28129 | 1 Ivanti | 1 Desktop \& Server Management | 2024-11-21 | N/A | 7.8 HIGH |
| Desktop & Server Management (DSM) may have a possible execution of arbitrary commands. | |||||
| CVE-2022-44574 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.5 HIGH |
| An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | |||||
| CVE-2022-44569 | 1 Ivanti | 1 Automation | 2024-11-21 | N/A | 7.8 HIGH |
| A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | |||||
| CVE-2022-43555 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2022-43554 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2022-36983 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919. | |||||
| CVE-2022-35258 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2024-11-21 | N/A | 7.5 HIGH |
| An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | |||||
| CVE-2022-27088 | 1 Ivanti | 1 Dsm Remote | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. | |||||
| CVE-2022-22572 | 1 Ivanti | 1 Incapptic Connect | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. | |||||
| CVE-2022-22571 | 1 Ivanti | 1 Incapptic Connect | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. | |||||
| CVE-2022-21828 | 1 Ivanti | 1 Incapptic Connect | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3. | |||||
| CVE-2022-21826 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | N/A | 5.4 MEDIUM |
| Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS. | |||||
| CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | |||||