Filtered by vendor Ivanti
Subscriptions
Total
247 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29847 | 1 Ivanti | 1 Endpoint Manager | 2024-09-17 | 9.8 Critical |
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | ||||
CVE-2023-46265 | 1 Ivanti | 1 Avalanche | 2024-09-17 | 9.8 Critical |
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | ||||
CVE-2023-46224 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-09-17 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
CVE-2019-11477 | 6 Canonical, F5, Ivanti and 3 more | 29 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 26 more | 2024-09-17 | 7.5 High |
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. | ||||
CVE-2018-20808 | 1 Ivanti | 1 Connect Secure | 2024-09-17 | N/A |
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX. | ||||
CVE-2021-3540 | 1 Ivanti | 1 Mobileiron | 2024-09-17 | 6.5 Medium |
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | ||||
CVE-2018-20811 | 1 Ivanti | 1 Connect Secure | 2024-09-16 | N/A |
A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. | ||||
CVE-2019-11478 | 6 Canonical, F5, Ivanti and 3 more | 29 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 26 more | 2024-09-16 | N/A |
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. | ||||
CVE-2018-20813 | 1 Ivanti | 1 Connect Secure | 2024-09-16 | N/A |
An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. | ||||
CVE-2018-20809 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-09-16 | N/A |
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. | ||||
CVE-2021-3198 | 1 Ivanti | 1 Mobileiron | 2024-09-16 | 6.5 Medium |
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | ||||
CVE-2018-20810 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-09-16 | N/A |
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | ||||
CVE-2024-8190 | 1 Ivanti | 1 Cloud Services Appliance | 2024-09-16 | 7.2 High |
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. | ||||
CVE-2024-37397 | 1 Ivanti | 1 Endpoint Manager | 2024-09-13 | 8.2 High |
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets. | ||||
CVE-2023-35084 | 1 Ivanti | 1 Endpoint Manager | 2024-09-13 | 9.8 Critical |
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely. | ||||
CVE-2023-35083 | 1 Ivanti | 1 Endpoint Manager | 2024-09-13 | 6.5 Medium |
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information. | ||||
CVE-2024-34785 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-34783 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-34779 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-32848 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |