Filtered by vendor Ivanti Subscriptions
Filtered by product Avalanche Subscriptions
Total 88 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-50331 1 Ivanti 1 Avalanche 2024-12-18 7.5 High
An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.
CVE-2023-46260 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-27 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46217 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-27 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2024-29848 1 Ivanti 1 Avalanche 2024-11-21 N/A
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CVE-2024-27978 1 Ivanti 1 Avalanche 2024-11-21 N/A
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
CVE-2024-27977 1 Ivanti 1 Avalanche 2024-11-21 N/A
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
CVE-2024-27976 1 Ivanti 1 Avalanche 2024-11-21 N/A
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-27975 1 Ivanti 1 Avalanche 2024-11-21 N/A
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2023-46804 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 7.5 High
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
CVE-2023-46803 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 7.5 High
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
CVE-2023-46266 1 Ivanti 1 Avalanche 2024-11-21 9.1 Critical
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
CVE-2023-46265 1 Ivanti 1 Avalanche 2024-11-21 9.8 Critical
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVE-2023-46264 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
CVE-2023-46263 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
CVE-2023-46262 1 Ivanti 1 Avalanche 2024-11-21 7.5 High
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
CVE-2023-46261 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46259 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46258 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46257 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46225 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-11-21 9.8 Critical
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.