Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-11 | CVE-2019-10651 | Unspecified vulnerability in Ivanti Endpoint Manager 2017.3/2018.1/2018.3 An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. | 7.5 |
| 2019-06-28 | CVE-2018-20814 | Cross-site Scripting vulnerability in multiple products An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. | 6.1 |
| 2019-06-28 | CVE-2018-20813 | Improper Input Validation vulnerability in Ivanti Connect Secure 8.3 An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. | 9.8 |
| 2019-06-28 | CVE-2018-20811 | Information Exposure vulnerability in Ivanti Connect Secure 8.1/8.3 A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. | 5.3 |
| 2019-06-28 | CVE-2018-20810 | Inadequate Encryption Strength vulnerability in multiple products Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. | 9.8 |
| 2019-06-28 | CVE-2018-20809 | Improper Input Validation vulnerability in multiple products A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. | 7.5 |
| 2019-06-28 | CVE-2018-20808 | Cross-site Scripting vulnerability in Ivanti Connect Secure 8.3 An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. | 6.1 |
| 2019-06-28 | CVE-2018-20807 | Cross-site Scripting vulnerability in Ivanti Connect Secure 8.1/8.2/8.3 An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly. | 6.1 |
| 2019-06-19 | CVE-2019-11478 | Resource Exhaustion vulnerability in multiple products Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. | 7.5 |
| 2019-06-19 | CVE-2019-11477 | Integer Overflow or Wraparound vulnerability in multiple products Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). | 7.5 |