Filtered by vendor Ivanti Subscriptions
Total 247 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-29847 1 Ivanti 1 Endpoint Manager 2024-09-17 9.8 Critical
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2023-46265 1 Ivanti 1 Avalanche 2024-09-17 9.8 Critical
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVE-2023-46224 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-09-17 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2019-11477 6 Canonical, F5, Ivanti and 3 more 29 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 26 more 2024-09-17 7.5 High
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
CVE-2018-20808 1 Ivanti 1 Connect Secure 2024-09-17 N/A
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
CVE-2021-3540 1 Ivanti 1 Mobileiron 2024-09-17 6.5 Medium
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
CVE-2018-20811 1 Ivanti 1 Connect Secure 2024-09-16 N/A
A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12.
CVE-2019-11478 6 Canonical, F5, Ivanti and 3 more 29 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 26 more 2024-09-16 N/A
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
CVE-2018-20813 1 Ivanti 1 Connect Secure 2024-09-16 N/A
An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2.
CVE-2018-20809 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Policy Secure 2024-09-16 N/A
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
CVE-2021-3198 1 Ivanti 1 Mobileiron 2024-09-16 6.5 Medium
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
CVE-2018-20810 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Policy Secure 2024-09-16 N/A
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
CVE-2024-8190 1 Ivanti 1 Cloud Services Appliance 2024-09-16 7.2 High
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
CVE-2024-37397 1 Ivanti 1 Endpoint Manager 2024-09-13 8.2 High
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
CVE-2023-35084 1 Ivanti 1 Endpoint Manager 2024-09-13 9.8 Critical
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.
CVE-2023-35083 1 Ivanti 1 Endpoint Manager 2024-09-13 6.5 Medium
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.
CVE-2024-34785 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34783 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34779 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32848 1 Ivanti 1 Endpoint Manager 2024-09-12 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.