CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 0CVE-2024-47909
https://notcve.org/view.php?id=CVE-2024-47909
12 Nov 2024 — A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-47907
https://notcve.org/view.php?id=CVE-2024-47907
12 Nov 2024 — A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47906
https://notcve.org/view.php?id=CVE-2024-47906
12 Nov 2024 — Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges. Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-267: Privilege Defined With Unsafe Actions CWE-426: Untrusted Search Path •
CVSS: 9.0EPSS: 7%CPEs: 2EXPL: 0CVE-2024-9420
https://notcve.org/view.php?id=CVE-2024-9420
12 Nov 2024 — A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution. A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-416: Use After Free •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2024-47905
https://notcve.org/view.php?id=CVE-2024-47905
12 Nov 2024 — A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 66%CPEs: 2EXPL: 1CVE-2024-37404 – Ivanti Connect Secure CRLF Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-37404
18 Oct 2024 — Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. • https://packetstorm.news/files/id/182983 •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38551
https://notcve.org/view.php?id=CVE-2023-38551
31 May 2024 — A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. Una vulnerabilidad de inyección CRLF en Ivanti Connect Secure (9.x, 22.x) permite a un usuario autenticado con altos privilegios inyectar código malicioso en el navegador de una víctima, lo que lleva a un ataque de cross-site scripting. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 7.8EPSS: 7%CPEs: 19EXPL: 0CVE-2024-29205
https://notcve.org/view.php?id=CVE-2024-29205
24 Apr 2024 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el componente web de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) permite a un atacante remoto no autenticado enviar s... • https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 25%CPEs: 60EXPL: 0CVE-2024-21894
https://notcve.org/view.php?id=CVE-2024-21894
04 Apr 2024 — A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code Una vulnerabilidad de desbordamiento de montón en el componente IPSec de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure permite que un usuario malintencionado no autenticado envíe solicitu... • https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 18%CPEs: 60EXPL: 0CVE-2024-22053
https://notcve.org/view.php?id=CVE-2024-22053
04 Apr 2024 — A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. Una vulnerabilidad de desbordamiento de montón en el componente IPSec de Ivanti Connect Secure (9.x 22.x) e Ivanti Policy Secure permite que un usuario malintencionado no autenticado envíe solicitudes especialmente ... • https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •