Filtered by vendor Ivanti
Subscriptions
Total
440 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8296 | 1 Ivanti | 1 Avalanche | 2025-08-15 | 7.2 High |
| SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution | ||||
| CVE-2025-8297 | 1 Ivanti | 1 Avalanche | 2025-08-15 | 7.2 High |
| Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution | ||||
| CVE-2025-8310 | 1 Ivanti | 1 Virtual Application Delivery Controller | 2025-08-13 | 6.5 Medium |
| Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password | ||||
| CVE-2025-5468 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-08-13 | 5.5 Medium |
| Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk. | ||||
| CVE-2025-5456 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-08-13 | 7.5 High |
| A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125 | ||||
| CVE-2025-5466 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-08-13 | 4.9 Medium |
| XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service | ||||
| CVE-2025-5462 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-08-13 | 7.5 High |
| A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. | ||||
| CVE-2023-34298 | 1 Ivanti | 3 Pulse Secure Desktop Client, Pulse Secure Installer Service, Secure Access Client | 2025-08-13 | N/A |
| Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687. | ||||
| CVE-2024-9167 | 1 Ivanti | 1 Velocity License Server | 2025-08-13 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2024-10256 | 1 Ivanti | 6 Endpoint Manager, Neurons Agent Platform, Neurons For Patch Management and 3 more | 2025-08-12 | 7.1 High |
| Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. | ||||
| CVE-2024-13158 | 1 Ivanti | 1 Endpoint Manager | 2025-08-12 | 7.2 High |
| An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2020-8218 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-07-30 | 7.2 High |
| A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | ||||
| CVE-2024-8540 | 1 Ivanti | 2 Sentry, Standalone Sentry | 2025-07-30 | 8.8 High |
| Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. | ||||
| CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-07-30 | 7.2 High |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | ||||
| CVE-2019-11510 | 1 Ivanti | 1 Connect Secure | 2025-07-30 | 10.0 Critical |
| In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | ||||
| CVE-2020-8243 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-30 | 7.2 High |
| A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | ||||
| CVE-2020-8260 | 1 Ivanti | 1 Connect Secure | 2025-07-30 | 7.2 High |
| A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | ||||
| CVE-2021-22893 | 1 Ivanti | 1 Connect Secure | 2025-07-30 | 10 Critical |
| Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. | ||||
| CVE-2021-22894 | 1 Ivanti | 1 Connect Secure | 2025-07-30 | 8.8 High |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | ||||
| CVE-2021-22899 | 1 Ivanti | 1 Connect Secure | 2025-07-30 | 8.8 High |
| A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | ||||