Filtered by vendor Ivanti
Filtered by product Avalanche
Total: 117 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41725 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.8 High | 
| Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | ||||
| CVE-2023-32567 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical | 
| Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236 | ||||
| CVE-2023-32566 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.1 Critical | 
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | ||||
| CVE-2023-32565 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.1 Critical | 
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | ||||
| CVE-2023-32564 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical | 
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution. | ||||
| CVE-2022-43555 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.8 High | 
| Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | ||||
| CVE-2022-43554 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.8 High | 
| Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | ||||
| CVE-2021-42133 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.1 High | 
| An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform an arbitrary file write. | ||||
| CVE-2021-42132 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High | 
| A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution. | ||||
| CVE-2021-42131 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High | 
| A SQL injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation. | ||||
| CVE-2021-42130 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High | 
| A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary code execution. | ||||
| CVE-2021-42129 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High | 
| A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution. | ||||
| CVE-2021-42128 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical | 
| An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 using Inforail Service allows privilege escalation via Enterprise Server Service. | ||||
| CVE-2021-42127 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical | 
| A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | ||||
| CVE-2021-42126 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High | 
| An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation. | ||||
| CVE-2021-42125 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High | 
| An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to write dangerous files. | ||||
| CVE-2021-42124 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High | 
| An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform a session takeover. | ||||
| CVE-2021-30497 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.5 High | 
| Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value. | ||||
| CVE-2021-22962 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.1 Critical | 
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | ||||
| CVE-2020-12442 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical | 
| Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. | ||||