Filtered by vendor Ivanti
Subscriptions
Total
479 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41727 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2025-05-06 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2024-23530 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-23529 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-23528 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-23526 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-24994 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 8.8 High |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-24992 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 8.8 High |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-24991 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 6.5 Medium |
| A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | ||||
| CVE-2024-24998 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 8.8 High |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-29848 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.2 High |
| An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-27977 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 8.1 High |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | ||||
| CVE-2024-27978 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 6.5 Medium |
| A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | ||||
| CVE-2024-27984 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.1 High |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. | ||||
| CVE-2024-23527 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2023-28323 | 1 Ivanti | 1 Endpoint Manager | 2025-05-05 | 9.8 Critical |
| A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines. | ||||
| CVE-2024-37376 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34787 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.8 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | ||||
| CVE-2024-34784 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34782 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34781 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||