Filtered by vendor Ivanti
Subscriptions
Total
388 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22059 | 1 Ivanti | 1 Neurons For Itsm | 2025-06-30 | N/A |
| A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. | ||||
| CVE-2024-22060 | 1 Ivanti | 1 Neurons For Itsm | 2025-06-30 | 4.9 Medium |
| An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. | ||||
| CVE-2024-37400 | 1 Ivanti | 1 Connect Secure | 2025-06-27 | N/A |
| An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. | ||||
| CVE-2024-38654 | 1 Ivanti | 1 Secure Access Client | 2025-06-27 | N/A |
| Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. | ||||
| CVE-2024-38655 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-27 | 7.2 High |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-38656 | 1 Ivanti | 3 Automation, Connect Secure, Policy Secure | 2025-06-27 | 9.1 Critical |
| Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-22058 | 1 Ivanti | 1 Endpoint Manager | 2025-06-20 | N/A |
| A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older. | ||||
| CVE-2023-46810 | 2 Ivanti, Linux | 2 Secure Access Client, Linux Kernel | 2025-06-20 | N/A |
| A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root. | ||||
| CVE-2023-38042 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-06-20 | N/A |
| A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. | ||||
| CVE-2024-10811 | 1 Ivanti | 1 Endpoint Manager | 2025-06-17 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2023-46806 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-06-13 | N/A |
| An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | ||||
| CVE-2023-46807 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-06-13 | N/A |
| An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | ||||
| CVE-2024-8012 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | 7.8 High |
| An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | 8.8 High |
| DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | ||||
| CVE-2024-44106 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.8 High |
| Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-44105 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.2 High |
| Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. | ||||
| CVE-2024-44104 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.8 High |
| An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-44103 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.8 High |
| DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2023-41474 | 1 Ivanti | 1 Avalanche | 2025-06-12 | 6.5 Medium |
| Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. | ||||
| CVE-2024-21888 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-03 | 8.8 High |
| A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | ||||