Vulnerabilities > Ivanti > Avalanche

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-46260 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46261 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46262 Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
network
low complexity
ivanti CWE-918
7.5
2023-12-19 CVE-2023-46263 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
network
low complexity
ivanti CWE-434
critical
9.8
2023-12-19 CVE-2023-46264 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
network
low complexity
ivanti CWE-434
critical
9.8
2023-12-19 CVE-2023-46265 XXE vulnerability in Ivanti Avalanche
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
network
low complexity
ivanti CWE-611
critical
9.8
2023-12-19 CVE-2023-46266 Unspecified vulnerability in Ivanti Avalanche
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
network
low complexity
ivanti
critical
9.1
2023-12-19 CVE-2023-46803 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
network
low complexity
ivanti CWE-787
7.5
2023-12-19 CVE-2023-46804 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
network
low complexity
ivanti CWE-787
7.5
2023-11-03 CVE-2022-43554 Missing Authentication for Critical Function vulnerability in Ivanti Avalanche
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
local
low complexity
ivanti CWE-306
7.8