Avalanche

avalanche

Vendor: Ivanti • 117 CVEs

CVEs (117)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-8297 1Ivanti 1Avalanche Aug 15, 2025 Aug 12, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution
CVE-2025-8296 1Ivanti 1Avalanche Aug 15, 2025 Aug 12, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code executio...Show more SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code executionShow less
CVE-2023-38036 1Ivanti 1Avalanche Jul 17, 2025 Jul 12, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
CVE-2024-13181 1Ivanti 1Avalanche Jan 16, 2025 Jan 14, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.
CVE-2024-13180 1Ivanti 1Avalanche Jan 16, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.
CVE-2024-13179 1Ivanti 1Avalanche Jan 16, 2025 Jan 14, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
CVE-2024-50331 1Ivanti 1Avalanche Dec 18, 2024 Nov 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.
CVE-2024-50321 1Ivanti 1Avalanche Nov 18, 2024 Nov 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50320 1Ivanti 1Avalanche Nov 18, 2024 Nov 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50319 1Ivanti 1Avalanche Nov 18, 2024 Nov 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50318 1Ivanti 1Avalanche Nov 18, 2024 Nov 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50317 1Ivanti 1Avalanche Nov 18, 2024 Nov 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-47011 1Ivanti 1Avalanche Oct 16, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
CVE-2024-47010 1Ivanti 1Avalanche Oct 16, 2024 Oct 8, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVE-2024-47009 1Ivanti 1Avalanche Oct 16, 2024 Oct 8, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVE-2024-47008 1Ivanti 1Avalanche Oct 16, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
CVE-2024-47007 1Ivanti 1Avalanche Oct 16, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-38653 1Ivanti 1Avalanche Aug 15, 2024 Aug 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
CVE-2024-38652 1Ivanti 1Avalanche Aug 15, 2024 Aug 14, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
CVE-2024-37399 1Ivanti 1Avalanche Aug 15, 2024 Aug 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

12 3 4 5 6 Next