Total
102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41726 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | |||||
| CVE-2023-41725 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | |||||
| CVE-2023-41474 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 6.5 MEDIUM |
| Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. | |||||
| CVE-2023-32567 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
| Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. | |||||
| CVE-2023-32566 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | |||||
| CVE-2023-32565 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | |||||
| CVE-2023-32564 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-32563 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
| An unauthenticated attacker could achieve the code execution through a RemoteControl server. | |||||
| CVE-2022-44574 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.5 HIGH |
| An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | |||||
| CVE-2022-43555 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2022-43554 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2022-36983 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919. | |||||
| CVE-2021-42133 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | |||||
| CVE-2021-42132 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | |||||
| CVE-2021-42131 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | |||||
| CVE-2021-42130 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. | |||||
| CVE-2021-42129 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | |||||
| CVE-2021-42128 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | |||||
| CVE-2021-42127 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | |||||
| CVE-2021-42126 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | |||||