Vulnerabilities > Ivanti > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-19 | CVE-2023-46804 | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | 7.5 |
| 2023-12-16 | CVE-2023-39340 | Unspecified vulnerability in Ivanti Connect Secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | 7.5 |
| 2023-12-14 | CVE-2023-41719 | Unspecified vulnerability in Ivanti Connect Secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. | 7.2 |
| 2023-12-14 | CVE-2023-41720 | Unspecified vulnerability in Ivanti Connect Secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. | 7.8 |
| 2023-11-15 | CVE-2023-35080 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | 7.8 |
| 2023-11-15 | CVE-2023-38043 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | 7.8 |
| 2023-11-15 | CVE-2023-38543 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | 7.8 |
| 2023-11-15 | CVE-2023-41718 | Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3 When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | 7.8 |
| 2023-11-03 | CVE-2022-43554 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2022-43555 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |