Vulnerabilities > Ivanti > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-46803 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
network
low complexity
ivanti CWE-787
7.5
2023-12-19 CVE-2023-46804 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
network
low complexity
ivanti CWE-787
7.5
2023-12-16 CVE-2023-39340 Unspecified vulnerability in Ivanti Connect Secure
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
network
low complexity
ivanti
7.5
2023-12-14 CVE-2023-41719 Unspecified vulnerability in Ivanti Connect Secure
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
network
low complexity
ivanti
7.2
2023-12-14 CVE-2023-41720 Unspecified vulnerability in Ivanti Connect Secure
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application.
local
low complexity
ivanti
7.8
2023-11-15 CVE-2023-35080 Unspecified vulnerability in Ivanti Secure Access Client
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
local
low complexity
ivanti
7.8
2023-11-15 CVE-2023-38043 Unspecified vulnerability in Ivanti Secure Access Client
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
local
low complexity
ivanti
7.8
2023-11-15 CVE-2023-38543 Unspecified vulnerability in Ivanti Secure Access Client
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.
local
low complexity
ivanti
7.8
2023-11-15 CVE-2023-41718 Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
local
low complexity
ivanti
7.8
2023-11-03 CVE-2022-43554 Missing Authentication for Critical Function vulnerability in Ivanti Avalanche
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
local
low complexity
ivanti CWE-306
7.8