Filtered by vendor Ivanti
Filtered by product Avalanche
Total
77 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-36971 | 1 Ivanti | 1 Avalanche | 2024-08-03 | 8.8 High |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtility class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15301. | ||||
CVE-2022-36982 | 1 Ivanti | 1 Avalanche | 2024-08-03 | 7.5 High |
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967. | ||||
CVE-2023-46804 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 7.5 High |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). | ||||
CVE-2023-46803 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 7.5 High |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). | ||||
CVE-2023-46259 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46266 | 1 Ivanti | 1 Avalanche | 2024-08-02 | 9.1 Critical |
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | ||||
CVE-2023-46262 | 1 Ivanti | 1 Avalanche | 2024-08-02 | 7.5 High |
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | ||||
CVE-2023-46263 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution. | ||||
CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46261 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46223 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46222 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46257 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46216 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46258 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46225 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46221 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-46220 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
CVE-2023-41727 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |