Filtered by vendor Ivanti
Subscriptions
Total
249 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15593 | 1 Ivanti | 1 Workspace Control | 2024-08-05 | N/A |
| An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector. | ||||
| CVE-2018-14366 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-08-05 | N/A |
| download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. | ||||
| CVE-2018-8901 | 1 Ivanti | 1 Avalanche | 2024-08-05 | N/A |
| An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration. | ||||
| CVE-2018-8902 | 1 Ivanti | 1 Avalanche | 2024-08-05 | N/A |
| An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product. | ||||
| CVE-2018-6320 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-08-05 | N/A |
| A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. | ||||
| CVE-2018-6316 | 1 Ivanti | 1 Endpoint Security | 2024-08-05 | N/A |
| Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode. | ||||
| CVE-2019-19675 | 1 Ivanti | 1 Workspace Control | 2024-08-05 | 7.8 High |
| In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked. | ||||
| CVE-2019-19138 | 1 Ivanti | 1 Workspace Control | 2024-08-05 | 7.5 High |
| Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. | ||||
| CVE-2019-17066 | 1 Ivanti | 1 Workspace Control | 2024-08-05 | 7.8 High |
| In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. | ||||
| CVE-2019-16382 | 1 Ivanti | 1 Workspace Control | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file. | ||||
| CVE-2019-12376 | 1 Ivanti | 1 Landesk Management Suite | 2024-08-04 | N/A |
| Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. | ||||
| CVE-2019-12377 | 1 Ivanti | 1 Landesk Management Suite | 2024-08-04 | N/A |
| A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | ||||
| CVE-2019-12375 | 1 Ivanti | 1 Landesk Management Suite | 2024-08-04 | N/A |
| Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | ||||
| CVE-2019-12373 | 1 Ivanti | 1 Landesk Management Suite | 2024-08-04 | N/A |
| Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | ||||
| CVE-2019-12374 | 1 Ivanti | 1 Landesk Management Suite | 2024-08-04 | N/A |
| A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | ||||
| CVE-2019-11543 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-08-04 | 6.1 Medium |
| XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | ||||
| CVE-2019-11542 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-08-04 | 7.2 High |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. | ||||
| CVE-2019-11541 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-08-04 | 7.5 High |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks. | ||||
| CVE-2019-11538 | 1 Ivanti | 1 Connect Secure | 2024-08-04 | 7.7 High |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device. | ||||
| CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-08-04 | 7.2 High |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | ||||