Filtered by vendor Ivanti
Subscribe
Total
303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37403 | 1 Ivanti | 1 Docs\@work | 2025-03-25 | N/A | 5.5 MEDIUM |
| Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root. | |||||
| CVE-2021-22893 | 1 Ivanti | 1 Connect Secure | 2025-03-21 | 7.5 HIGH | 10.0 CRITICAL |
| Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. | |||||
| CVE-2021-22900 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-03-21 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | |||||
| CVE-2024-36132 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-19 | N/A | 7.5 HIGH |
| Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | |||||
| CVE-2025-0282 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-03-17 | N/A | 9.0 CRITICAL |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2024-36130 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-13 | N/A | 9.8 CRITICAL |
| An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | |||||
| CVE-2021-44529 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | |||||
| CVE-2024-22026 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-13 | N/A | 6.7 MEDIUM |
| A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. | |||||
| CVE-2024-9420 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-03-13 | N/A | 8.8 HIGH |
| A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution | |||||
| CVE-2024-13161 | 1 Ivanti | 1 Endpoint Manager | 2025-03-13 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2024-13160 | 1 Ivanti | 1 Endpoint Manager | 2025-03-13 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2024-13159 | 1 Ivanti | 1 Endpoint Manager | 2025-03-13 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2023-38041 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-03-07 | N/A | 7.0 HIGH |
| A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | |||||
| CVE-2023-32562 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1. | |||||
| CVE-2023-32561 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 7.5 HIGH |
| A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. | |||||
| CVE-2023-32560 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 9.8 CRITICAL |
| An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | |||||
| CVE-2024-47908 | 1 Ivanti | 1 Cloud Services Appliance | 2025-02-20 | N/A | 9.1 CRITICAL |
| OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-13813 | 1 Ivanti | 1 Secure Access Client | 2025-02-20 | N/A | 7.1 HIGH |
| Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. | |||||
| CVE-2024-13842 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | N/A | 6.0 MEDIUM |
| A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | |||||
| CVE-2024-13843 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | N/A | 6.0 MEDIUM |
| Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | |||||