Filtered by vendor Ivanti
Subscribe
Total
473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34780 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2016-3147 | 1 Ivanti | 1 Landesk Management Suite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet. | |||||
| CVE-2017-11455 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | |||||
| CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | |||||
| CVE-2016-4786 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||||
| CVE-2016-4787 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-04-12 | 6.4 MEDIUM | 10.0 CRITICAL |
| Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. | |||||
| CVE-2016-4791 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-04-12 | 6.4 MEDIUM | 8.6 HIGH |
| The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2016-4792 | 1 Ivanti | 1 Connect Secure | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. | |||||
| CVE-2016-4789 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4790 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-04-12 | 3.5 LOW | 5.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4788 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-04-12 | 5.0 MEDIUM | 5.8 MEDIUM |
| Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. | |||||
| CVE-2024-37403 | 1 Ivanti | 1 Docs\@work | 2025-03-25 | N/A | 5.5 MEDIUM |
| Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root. | |||||
| CVE-2024-36132 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-19 | N/A | 7.5 HIGH |
| Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | |||||
| CVE-2024-36130 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-13 | N/A | 9.8 CRITICAL |
| An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | |||||
| CVE-2024-22026 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-13 | N/A | 6.7 MEDIUM |
| A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. | |||||
| CVE-2024-9420 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-03-13 | N/A | 8.8 HIGH |
| A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution | |||||
| CVE-2023-38041 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-03-07 | N/A | 7.0 HIGH |
| A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | |||||
| CVE-2023-32562 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1. | |||||
| CVE-2023-32561 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 7.5 HIGH |
| A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. | |||||
| CVE-2023-32560 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 9.8 CRITICAL |
| An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | |||||