Filtered by vendor Ivanti
Subscriptions
Filtered by product Avalanche
Subscriptions
Total
88 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-50331 | 1 Ivanti | 1 Avalanche | 2024-12-18 | 7.5 High |
An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | ||||
CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
CVE-2024-29848 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A |
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | ||||
CVE-2024-27978 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A |
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | ||||
CVE-2024-27977 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | ||||
CVE-2024-27976 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
CVE-2024-27975 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A |
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
CVE-2023-46804 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | 7.5 High |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | ||||
CVE-2023-46803 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | 7.5 High |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | ||||
CVE-2023-46266 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.1 Critical |
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | ||||
CVE-2023-46265 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical |
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | ||||
CVE-2023-46264 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | 9.8 Critical |
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | ||||
CVE-2023-46263 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | 9.8 Critical |
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | ||||
CVE-2023-46262 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.5 High |
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | ||||
CVE-2023-46261 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46259 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46258 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46257 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46225 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. |