CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2023-38036
https://notcve.org/view.php?id=CVE-2023-38036
12 Jul 2025 — A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Avalanche-CVE-2023-38036 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 74%CPEs: 1EXPL: 1CVE-2023-41474
https://notcve.org/view.php?id=CVE-2023-41474
25 Jan 2024 — Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. La vulnerabilidad de directory traversal en Ivanti Avalanche 6.3.4.153 permite a un atacante remoto autenticado obtener información confidencial a través del componente javax.faces.resource. • https://github.com/JBalanza/CVE-2023-41474 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46220 – Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46220
19 Dec 2023 — An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication ... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46261 – Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46261
19 Dec 2023 — An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication ... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46266 – Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-46266
19 Dec 2023 — An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Un atacante puede enviar una solicitud especialmente manipulada que podría provocar una fuga de datos confidenciales o potencialmente un ataque DoS basado en recursos. This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw ... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46260 – Ivanti Avalanche WLAvalancheService TV_NL Null Pointer Dereference Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-46260
19 Dec 2023 — An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. A... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46258 – Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46258
19 Dec 2023 — An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication ... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46803 – Ivanti Avalanche WLAvalancheService Divide By Zero Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-46803
19 Dec 2023 — An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit th... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 65%CPEs: 2EXPL: 0CVE-2023-46264 – Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46264
19 Dec 2023 — An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Existe una carga sin restricciones de archivos con una vulnerabilidad de tipo peligroso en las versiones 6.4.1 e inferiores de Avalanche que podría permitir a un atacante lograr la ejecución de eliminación de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Auth... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2023-46224 – Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46224
19 Dec 2023 — An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication ... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •