Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (501 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-9845 1 Ivanti 1 Automation 2024-12-19 7.8 High
Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.
CVE-2024-50331 1 Ivanti 1 Avalanche 2024-12-18 7.5 High
An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.
CVE-2024-7612 1 Ivanti 1 Endpoint Manager Mobile 2024-12-18 8.8 High
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.
CVE-2024-8496 1 Ivanti 1 Workspace Control 2024-12-14 7.8 High
Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.
CVE-2023-39340 1 Ivanti 1 Connect Secure 2024-11-27 7.5 High
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
CVE-2023-46260 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-27 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46217 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-27 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2024-11007 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-22 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-29846 1 Ivanti 1 Endpoint Manager 2024-11-21 8.0 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVE-2024-29830 1 Ivanti 1 Endpoint Manager 2024-11-21 8.0 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVE-2024-29829 1 Ivanti 1 Endpoint Manager 2024-11-21 8.0 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVE-2024-29828 1 Ivanti 1 Endpoint Manager 2024-11-21 8.0 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVE-2024-29827 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-29826 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-29825 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-29823 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-29822 1 Ivanti 1 Endpoint Manager 2024-11-21 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-22053 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 8.2 High
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.
CVE-2024-22052 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 7.5 High
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack
CVE-2024-22023 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 5.3 Medium
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.