Vulnerabilities > Ivanti > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-04-04 CVE-2024-21894 Out-of-bounds Write vulnerability in Ivanti Connect Secure and Policy Secure
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack.
network
low complexity
ivanti CWE-787
critical
9.8
2024-03-31 CVE-2023-46808 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Neurons for Itsm
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server.
network
low complexity
ivanti CWE-434
critical
9.9
2024-01-12 CVE-2024-21887 Command Injection vulnerability in Ivanti Connect Secure and Policy Secure
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
network
low complexity
ivanti CWE-77
critical
9.1
2023-12-19 CVE-2021-22962 Unspecified vulnerability in Ivanti Avalanche
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
network
low complexity
ivanti
critical
9.1
2023-12-19 CVE-2023-41727 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46216 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46217 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46220 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46221 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46222 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8