Vulnerabilities > Ivanti

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-39336 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication.
low complexity
ivanti CWE-89
8.8
2023-12-19 CVE-2021-22962 Unspecified vulnerability in Ivanti Avalanche
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
network
low complexity
ivanti
critical
9.1
2023-12-19 CVE-2023-41727 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46216 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46217 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46220 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46221 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46222 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46223 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46224 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8