Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-11 | CVE-2024-10251 | Incorrect Default Permissions vulnerability in Ivanti Security Controls Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-8496 | Incorrect Default Permissions vulnerability in Ivanti Workspace Control Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-9845 | Incorrect Default Permissions vulnerability in Ivanti Automation Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-11-13 | CVE-2024-29211 | Race Condition vulnerability in Ivanti Secure Access Client A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. | 4.7 |
| 2024-11-13 | CVE-2024-37398 | Unspecified vulnerability in Ivanti Secure Access Client Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-11-12 | CVE-2024-11007 | OS Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-47905 | Out-of-bounds Write vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | 4.9 |
| 2024-11-12 | CVE-2024-47907 | Out-of-bounds Write vulnerability in Ivanti Connect Secure A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-47909 | Out-of-bounds Write vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | 4.9 |
| 2024-11-12 | CVE-2024-50317 | NULL Pointer Dereference vulnerability in Ivanti Avalanche A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |