Vulnerabilidades en ivanti
376 resultadosCVE-2023-39337—A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier tEPSS 1.9%CVE-2024-23530MEDIUMAn out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unaEPSS 1.9%CVE-2024-23529MEDIUMAn out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unaEPSS 1.9%CVE-2024-23528MEDIUMAn out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unaEPSS 1.9%CVE-2024-23526MEDIUMAn out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unaEPSS 1.9%CVE-2025-22462CRITICALAn authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows EPSS 1.9%CVE-2024-38649HIGHAn out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated atEPSS 1.9%CVE-2024-11634CRITICALCommand injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authentiEPSS 1.8%CVE-2023-38036CRITICALA security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overfEPSS 1.8%CVE-2024-8321MEDIUMMissing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attaEPSS 1.8%CVE-2024-27977HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary EPSS 1.8%CVE-2024-23532HIGHAn out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attackerEPSS 1.8%CVE-2024-27984HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific tEPSS 1.8%CVE-2024-38656CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a rEPSS 1.7%CVE-2024-38655CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18EPSS 1.7%CVE-2024-39712CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a rEPSS 1.7%CVE-2024-39711CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a EPSS 1.7%CVE-2024-24991MEDIUMA Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attEPSS 1.7%CVE-2024-27978MEDIUMA Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attEPSS 1.7%CVE-2024-50328HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 1.7%