Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Avalanche
(Ivanti)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 77 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-11-03 | CVE-2023-41726 | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | Avalanche | 7.8 | ||
2023-11-03 | CVE-2022-43554 | Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | Avalanche | 7.8 | ||
2023-11-03 | CVE-2023-41725 | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | Avalanche | 7.8 | ||
2023-11-03 | CVE-2022-43555 | Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | Avalanche | 7.8 | ||
2024-08-14 | CVE-2024-36136 | An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | Avalanche | 7.5 | ||
2024-08-14 | CVE-2024-37373 | Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | Avalanche | 7.2 | ||
2024-08-14 | CVE-2024-37399 | A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | Avalanche | 7.5 | ||
2024-08-14 | CVE-2024-38652 | Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | Avalanche | 9.1 | ||
2024-08-14 | CVE-2024-38653 | XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | Avalanche | 7.5 | ||
2023-12-19 | CVE-2023-46223 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | Avalanche | 9.8 |