Filtered by vendor Ivanti Subscriptions
Filtered by product Avalanche Subscriptions
Total 88 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-46224 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46223 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46222 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46221 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46220 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46216 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-41727 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-41726 1 Ivanti 1 Avalanche 2024-11-21 7.8 High
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
CVE-2023-41725 1 Ivanti 1 Avalanche 2024-11-21 7.8 High
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
CVE-2023-41474 1 Ivanti 1 Avalanche 2024-11-21 6.5 Medium
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
CVE-2023-32567 1 Ivanti 1 Avalanche 2024-11-21 9.8 Critical
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236
CVE-2023-32566 1 Ivanti 1 Avalanche 2024-11-21 9.1 Critical
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVE-2023-32565 1 Ivanti 1 Avalanche 2024-11-21 9.1 Critical
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVE-2023-32564 1 Ivanti 1 Avalanche 2024-11-21 9.8 Critical
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
CVE-2023-32563 1 Ivanti 1 Avalanche 2024-11-21 9.8 Critical
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
CVE-2023-32562 1 Ivanti 1 Avalanche 2024-11-21 9.8 Critical
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
CVE-2023-32561 1 Ivanti 1 Avalanche 2024-11-21 7.5 High
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
CVE-2023-32560 1 Ivanti 1 Avalanche 2024-11-21 9.8 Critical
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
CVE-2023-28128 1 Ivanti 1 Avalanche 2024-11-21 7.2 High
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
CVE-2023-28127 1 Ivanti 1 Avalanche 2024-11-21 7.5 High
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.