High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-07	CVE-2021-42124	Unspecified vulnerability in Ivanti Avalanche An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. network low complexity ivanti	8.8
2021-12-07	CVE-2021-42125	Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. network low complexity ivanti CWE-434	8.8
2021-12-07	CVE-2021-42126	Unspecified vulnerability in Ivanti Avalanche An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. network low complexity ivanti	8.8
2021-12-07	CVE-2021-42129	Command Injection vulnerability in Ivanti Avalanche A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. network low complexity ivanti CWE-77	8.8
2021-12-07	CVE-2021-42130	Deserialization of Untrusted Data vulnerability in Ivanti Avalanche A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. network low complexity ivanti CWE-502	8.8
2021-12-07	CVE-2021-42131	SQL Injection vulnerability in Ivanti Avalanche A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. network low complexity ivanti CWE-89	8.8
2021-12-07	CVE-2021-42132	Command Injection vulnerability in Ivanti Avalanche A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. network low complexity ivanti CWE-77	8.8
2021-12-07	CVE-2021-42133	Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ivanti Avalanche An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. network low complexity ivanti CWE-829	8.1
2021-11-19	CVE-2021-22965	Resource Exhaustion vulnerability in multiple products A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. network low complexity pulsesecure ivanti CWE-400	7.5
2021-09-01	CVE-2021-36235	Unspecified vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.6.30.0. local low complexity ivanti	7.8