CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50322 – Ivanti Endpoint Manager OnSaveToDB Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50322
12 Nov 2024 — Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is requir... • https://https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 0CVE-2024-50331
https://notcve.org/view.php?id=CVE-2024-50331
12 Nov 2024 — An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-50321 – Ivanti Avalanche WLAvalancheService TV_FP Infinite Loop Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-50321
12 Nov 2024 — An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, which listens on TCP port 1777 by default. The issue results from a lack of a proper exit condition in a loop. An attacker can leverage... • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-50320 – Ivanti Avalanche WLAvalancheService TV_FC Infinite Loop Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-50320
12 Nov 2024 — An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, which listens on TCP port 1777 by default. The issue results from a lack of a proper exit condition in a loop. An attacker can leverage... • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-50319 – Ivanti Avalanche WLAvalancheService TV_FN Infinite Loop Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-50319
12 Nov 2024 — An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, which listens on TCP port 1777 by default. The issue results from a lack of a proper exit condition in a loop. An attacker can leverage... • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2024-50318 – Ivanti Avalanche WLAvalancheService TV_FP Null Pointer Dereference Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-50318
12 Nov 2024 — A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, which listens on TCP port 1777 by default. The issue results from dereferencing a null pointer. An attacker can leverage this... • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2024-50317 – Ivanti Avalanche WLAvalancheService TV_FN Null Pointer Dereference Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-50317
12 Nov 2024 — A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, which listens on TCP port 1777 by default. The issue results from dereferencing a null pointer. An attacker can leverage this... • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29213
https://notcve.org/view.php?id=CVE-2024-29213
18 Oct 2024 — Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. • https://forums.ivanti.com/s/article/SA-2024-07-12-CVE-2024-29213 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29821
https://notcve.org/view.php?id=CVE-2024-29821
18 Oct 2024 — Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. • https://forums.ivanti.com/s/article/SA-2024-07-12-CVE-2024-29821 • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 78%CPEs: 2EXPL: 1CVE-2024-37404 – Ivanti Connect Secure CRLF Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-37404
18 Oct 2024 — Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. • https://packetstorm.news/files/id/182983 •