Avalanche
Products
3- 8 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46264 | Cri | 0.71 | 9.8 | 0.90 | Dec 19, 2023 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | ||
| CVE-2023-46263 | Cri | 0.70 | 9.8 | 0.82 | Dec 19, 2023 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | ||
| CVE-2023-46217 | Cri | 0.67 | 9.8 | 0.36 | Dec 19, 2023 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||
| CVE-2023-46261 | Cri | 0.65 | 9.8 | 0.11 | Dec 19, 2023 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||
| CVE-2023-46220 | Cri | 0.65 | 9.8 | 0.11 | Dec 19, 2023 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||
| CVE-2023-46265 | Cri | 0.64 | 9.8 | 0.04 | Dec 19, 2023 | An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | ||
| CVE-2023-46223 | Cri | 0.64 | 9.8 | 0.07 | Dec 19, 2023 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||
| CVE-2023-46222 | Cri | 0.64 | 9.8 | 0.07 | Dec 19, 2023 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||
| CVE-2023-46221 | Cri | 0.64 | 9.8 | 0.07 | Dec 19, 2023 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||
| CVE-2023-46804 | Hig | 0.49 | 7.5 | 0.04 | Dec 19, 2023 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | ||
| CVE-2023-46803 | Hig | 0.49 | 7.5 | 0.04 | Dec 19, 2023 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). |
- risk 0.71cvss 9.8epss 0.90
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
- risk 0.70cvss 9.8epss 0.82
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
- risk 0.67cvss 9.8epss 0.36
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
- risk 0.65cvss 9.8epss 0.11
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
- risk 0.65cvss 9.8epss 0.11
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
- risk 0.64cvss 9.8epss 0.04
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
- risk 0.64cvss 9.8epss 0.07
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
- risk 0.64cvss 9.8epss 0.07
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
- risk 0.64cvss 9.8epss 0.07
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
- risk 0.49cvss 7.5epss 0.04
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
- risk 0.49cvss 7.5epss 0.04
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).