Vulnerabilities > Ivanti > Avalanche

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-46225 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46257 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46258 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46259 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46260 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46261 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46262 Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche 6.3.2
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
network
low complexity
ivanti CWE-918
7.5
7.5
2023-12-19 CVE-2023-46263 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
network
low complexity
ivanti CWE-434
critical
 9.8
9.8
2023-12-19 CVE-2023-46264 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
network
low complexity
ivanti CWE-434
critical
 9.8
9.8
2023-12-19 CVE-2023-46265 XXE vulnerability in Ivanti Avalanche
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
network
low complexity
ivanti CWE-611
critical
 9.8
9.8