Vulnerabilities > Ivanti > Avalanche > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-14 | CVE-2024-36136 | Off-by-one Error vulnerability in Ivanti Avalanche An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 7.5 |
| 2024-08-14 | CVE-2024-37373 | Unspecified vulnerability in Ivanti Avalanche Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | 7.2 |
| 2024-08-14 | CVE-2024-37399 | NULL Pointer Dereference vulnerability in Ivanti Avalanche A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 7.5 |
| 2024-08-14 | CVE-2024-38653 | XXE vulnerability in Ivanti Avalanche XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | 7.5 |
| 2023-12-19 | CVE-2023-46262 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | 7.5 |
| 2023-12-19 | CVE-2023-46803 | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | 7.5 |
| 2023-12-19 | CVE-2023-46804 | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | 7.5 |
| 2023-11-03 | CVE-2022-43554 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2022-43555 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2023-41725 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | 7.8 |