Filtered by vendor Ivanti Subscriptions

Search

Switch to Advanced Search (Beta)
Total 345 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-4792 1 Ivanti 1 Connect Secure 2024-11-21 N/A
Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.
CVE-2016-4791 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-11-21 N/A
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.
CVE-2016-4790 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4789 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4788 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-11-21 N/A
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.
CVE-2016-4787 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-11-21 N/A
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.
CVE-2016-4786 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-11-21 N/A
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2016-3147 1 Ivanti 1 Landesk Management Suite 2024-11-21 9.8 Critical
Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet.
CVE-2024-47909 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-19 4.9 Medium
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-50330 1 Ivanti 1 Endpoint Manager 2024-11-19 9.8 Critical
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-50329 1 Ivanti 1 Endpoint Manager 2024-11-19 8.8 High
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVE-2024-50324 1 Ivanti 1 Endpoint Manager 2024-11-19 7.2 High
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50323 1 Ivanti 1 Endpoint Manager 2024-11-19 7.8 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
CVE-2024-34784 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32847 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32844 1 Ivanti 1 Epm 2024-11-19 7.2 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50326 1 Ivanti 1 Endpoint Manager 2024-11-19 7.2 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34782 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50328 1 Ivanti 1 Endpoint Manager 2024-11-19 7.2 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34781 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.