Filtered by vendor Ivanti
Subscriptions
Filtered by product Connect Secure
Subscriptions
Total
132 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4791 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-04-12 | N/A |
| The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. | ||||
| CVE-2024-11004 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-04-04 | 6.1 Medium |
| Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | ||||
| CVE-2024-9420 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-03-13 | 8.8 High |
| A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution | ||||
| CVE-2024-13842 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | 6 Medium |
| A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | ||||
| CVE-2024-13843 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | 6 Medium |
| Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | ||||
| CVE-2025-22467 | 1 Ivanti | 1 Connect Secure | 2025-02-20 | 9.9 Critical |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | ||||
| CVE-2024-13830 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-13 | 6.1 Medium |
| Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | ||||
| CVE-2024-47906 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | 7.8 High |
| Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | ||||
| CVE-2024-11005 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | 9.1 Critical |
| Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-11006 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | 9.1 Critical |
| Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-8495 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | 7.5 High |
| A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-9844 | 1 Ivanti | 1 Connect Secure | 2025-01-17 | 7.1 High |
| Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. | ||||
| CVE-2024-11633 | 1 Ivanti | 1 Connect Secure | 2025-01-17 | 9.1 Critical |
| Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution | ||||
| CVE-2024-11634 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | 9.1 Critical |
| Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx) | ||||
| CVE-2025-0283 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-01-14 | 7 High |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2023-39340 | 1 Ivanti | 1 Connect Secure | 2024-11-27 | 7.5 High |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | ||||
| CVE-2024-11007 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-22 | 9.1 Critical |
| Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-29205 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | N/A |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. | ||||
| CVE-2024-22053 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | 8.2 High |
| A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. | ||||
| CVE-2024-22052 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | 7.5 High |
| A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack | ||||