Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Avalanche
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 77 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-19 | CVE-2023-46258 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | Avalanche | 9.8 | ||
| 2023-12-19 | CVE-2023-46259 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | Avalanche | 9.8 | ||
| 2023-12-19 | CVE-2023-46260 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | Avalanche | 9.8 | ||
| 2023-12-19 | CVE-2023-46261 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | Avalanche | 9.8 | ||
| 2023-12-19 | CVE-2023-46263 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | Avalanche | 9.8 | ||
| 2023-12-19 | CVE-2023-46264 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | Avalanche | 9.8 | ||
| 2023-12-19 | CVE-2023-46803 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | Avalanche | 7.5 | ||
| 2023-08-10 | CVE-2023-32567 | Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236 | Avalanche | 9.8 | ||
| 2023-08-10 | CVE-2023-32560 | An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | Avalanche | 9.8 | ||
| 2023-08-10 | CVE-2023-32563 | An unauthenticated attacker could achieve the code execution through a RemoteControl server. | Avalanche | 9.8 |