Avalanche Security Vulnerabilities and Issues — Page 3 of Avalanche CVE List

Lucene search

IvantiAvalanche

115 matches found

CVE•added 2021/12/07 2:15 p.m.•28 views

CVE-2021-42128

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

9.8CVSS9.4AI score0.21348EPSS

CVE•added 2021/12/07 2:15 p.m.•28 views

CVE-2021-42130

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.

8.8CVSS8.9AI score0.54257EPSS

CVE•added 2023/12/19 4:15 p.m.•28 views

CVE-2023-46224

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.03245EPSS

CVE•added 2023/12/19 4:15 p.m.•27 views

CVE-2023-46261

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01892EPSS

CVE•added 2021/12/07 2:15 p.m.•26 views

CVE-2021-42133

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.

8.1CVSS8AI score0.03584EPSS

CVE•added 2023/12/19 4:15 p.m.•26 views

CVE-2023-46265

An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).

9.8CVSS6.4AI score0.01697EPSS

CVE•added 2023/12/19 4:15 p.m.•25 views

CVE-2023-46220

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01892EPSS

CVE•added 2023/12/19 4:15 p.m.•24 views

CVE-2023-46223

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.03245EPSS

CVE•added 2023/12/19 4:15 p.m.•23 views

CVE-2023-46217

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.03245EPSS

CVE•added 2023/12/19 4:15 p.m.•22 views

CVE-2023-46259

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01892EPSS

CVE•added 2023/12/19 4:15 p.m.•22 views

CVE-2023-46260

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS7.8AI score0.01855EPSS

CVE•added 2023/12/19 4:15 p.m.•22 views

CVE-2023-46266

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

9.1CVSS7.1AI score0.00928EPSS

CVE•added 2023/12/19 4:15 p.m.•19 views

CVE-2023-46221

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01892EPSS

CVE•added 2023/12/19 4:15 p.m.•19 views

CVE-2023-46225

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01943EPSS

CVE•added 2025/07/12 4:15 a.m.•18 views

CVE-2023-38036

A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.

9.8CVSS7.9AI score0.00753EPSS

Total number of security vulnerabilities115