Skip to main content

Avalanche

99 CVEs product

Monthly

CVE-2025-8297 HIGH This Week

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Ivanti Avalanche
NVD
CVSS 3.1
7.2
EPSS
9.3%
CVE-2025-8296 HIGH This Week

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SQLi Ivanti Avalanche
NVD
CVSS 3.1
7.2
EPSS
5.3%
CVE-2023-38036 CRITICAL PATCH Act Now

CVE-2023-38036 is a critical unauthenticated buffer overflow vulnerability in Ivanti Avalanche Manager prior to version 6.4.1 that allows remote attackers to cause denial of service or achieve arbitrary code execution without authentication. With a CVSS score of 9.8 and network-based attack vector, this vulnerability has significant real-world exploitability risk and affects all organizations deploying vulnerable Avalanche Manager instances.

RCE Buffer Overflow Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-13181 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-13180 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2024-13179 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2024-50331 HIGH This Week

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50321 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50320 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
31.2%
CVE-2024-50319 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50318 HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50317 HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-47011 HIGH This Week

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
57.0%
CVE-2024-47010 CRITICAL Act Now

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
38.0%
CVE-2024-47009 CRITICAL Act Now

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-47008 HIGH This Week

Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
46.6%
CVE-2024-47007 HIGH This Week

A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-38653 HIGH POC THREAT This Week

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Avalanche
NVD
CVSS 3.1
7.5
EPSS
92.0%
CVE-2024-38652 CRITICAL Act Now

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
9.1
EPSS
7.6%
CVE-2024-37399 HIGH This Week

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
27.8%
CVE-2024-37373 HIGH This Week

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-36136 HIGH This Week

An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-29848 HIGH This Week

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti File Upload Avalanche
NVD
CVSS 3.1
7.2
EPSS
64.4%
CVE-2024-23527 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-29204 CRITICAL Act Now

A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2024-27984 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.1
EPSS
1.8%
CVE-2024-27978 MEDIUM This Month

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-27977 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2024-27976 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-27975 HIGH This Week

An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Ivanti Memory Corruption Avalanche
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-25000 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-24999 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2024-24998 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-24997 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-24996 CRITICAL Act Now

A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
32.2%
CVE-2024-24995 HIGH This Week

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2024-24994 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
68.1%
CVE-2024-24993 HIGH This Week

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2024-24992 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
70.9%
CVE-2024-24991 MEDIUM This Month

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-23535 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
68.1%
CVE-2024-23534 HIGH This Week

An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti File Upload Avalanche
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2024-23533 MEDIUM This Month

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2024-23532 HIGH This Week

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Ivanti Buffer Overflow RCE Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-23531 HIGH This Week

An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2024-23530 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-23529 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-23528 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-23526 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-22061 CRITICAL Act Now

A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-46804 HIGH This Week

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-46803 HIGH This Week

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-46266 CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
CVSS 3.1
9.1
EPSS
3.5%
CVE-2023-46265 CRITICAL Act Now

An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Avalanche
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2023-46264 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
90.2%
CVE-2023-46263 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
81.9%
CVE-2023-46262 HIGH This Week

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
82.8%
CVE-2023-46261 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46260 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
9.8%
CVE-2023-46259 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46258 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46257 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46225 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46224 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46223 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46222 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46221 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46220 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46217 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
36.4%
CVE-2023-46216 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
36.4%
CVE-2023-41727 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
36.4%
CVE-2023-41726 HIGH This Week

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Avalanche
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-41725 HIGH This Week

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Ivanti Avalanche
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-32565 CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2023-32564 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
37.4%
CVE-2023-32563 CRITICAL POC THREAT Act Now

An unauthenticated attacker could achieve the code execution through a RemoteControl server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Avalanche
NVD
CVSS 3.1
9.8
EPSS
90.2%
CVE-2023-32562 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
38.4%
CVE-2023-32561 HIGH This Week

A previously generated artifact by an administrator could be accessed by an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-32560 CRITICAL POC THREAT Emergency

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Avalanche
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
98.9%
CVE-2023-32567 CRITICAL Act Now

Ivanti Avalanche decodeToMap XML External Entity Processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Avalanche
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-32566 CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2023-28128 HIGH POC THREAT Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Avalanche
NVD GitHub
CVSS 3.1
7.2
EPSS
84.7%
CVE-2023-28127 HIGH This Week

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Avalanche
NVD
CVSS 3.1
7.5
EPSS
58.6%
CVE-2023-28126 MEDIUM This Month

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Avalanche
NVD
CVSS 3.1
5.9
EPSS
66.7%
CVE-2023-28125 MEDIUM This Month

An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Avalanche
NVD
CVSS 3.1
5.9
EPSS
2.3%
CVE-2021-42133 HIGH This Week

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ivanti Avalanche
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2021-42132 HIGH This Week

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
70.1%
CVE-2021-42131 HIGH This Week

A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Privilege Escalation Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
66.5%
CVE-2021-42130 HIGH This Week

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
62.2%
CVE-2021-42129 HIGH This Week

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
77.3%
EPSS 9% CVSS 7.2
HIGH This Week

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Ivanti +1
NVD
EPSS 5% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SQLi Ivanti +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

CVE-2023-38036 is a critical unauthenticated buffer overflow vulnerability in Ivanti Avalanche Manager prior to version 6.4.1 that allows remote attackers to cause denial of service or achieve arbitrary code execution without authentication. With a CVSS score of 9.8 and network-based attack vector, this vulnerability has significant real-world exploitability risk and affects all organizations deploying vulnerable Avalanche Manager instances.

RCE Buffer Overflow Ivanti +2
NVD
EPSS 1% CVSS 7.3
HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
EPSS 3% CVSS 7.5
HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
EPSS 1% CVSS 7.3
HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
EPSS 31% CVSS 7.5
HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service +1
NVD
EPSS 57% CVSS 7.5
HIGH This Week

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 38% CVSS 9.8
CRITICAL Act Now

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 47% CVSS 7.5
HIGH This Week

Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service +1
NVD
EPSS 92% CVSS 7.5
HIGH POC THREAT This Week

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Avalanche
NVD
EPSS 8% CVSS 9.1
CRITICAL Act Now

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Denial Of Service +1
NVD
EPSS 28% CVSS 7.5
HIGH This Week

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
EPSS 64% CVSS 7.2
HIGH This Week

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti File Upload Avalanche
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Ivanti +1
NVD
EPSS 2% CVSS 7.1
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Denial Of Service +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Ivanti +2
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 32% CVSS 9.8
CRITICAL Act Now

A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Ivanti +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
EPSS 68% CVSS 8.8
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
EPSS 71% CVSS 8.8
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service +1
NVD
EPSS 68% CVSS 8.8
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti File Upload Avalanche
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Ivanti Buffer Overflow RCE +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Ivanti Denial Of Service +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
EPSS 4% CVSS 7.5
HIGH This Week

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD
EPSS 4% CVSS 7.5
HIGH This Week

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD
EPSS 3% CVSS 9.1
CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Avalanche
NVD
EPSS 90% CVSS 9.8
CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
EPSS 82% CVSS 9.8
CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
EPSS 83% CVSS 7.5
HIGH This Week

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 10% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 36% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 36% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 36% CVSS 9.8
CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Avalanche
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Ivanti +1
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
EPSS 37% CVSS 9.8
CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
EPSS 90% CVSS 9.8
CRITICAL POC THREAT Act Now

An unauthenticated attacker could achieve the code execution through a RemoteControl server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Avalanche
NVD
EPSS 38% CVSS 9.8
CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A previously generated artifact by an administrator could be accessed by an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Avalanche
NVD
EPSS 99% CVSS 9.8
CRITICAL POC THREAT Emergency

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

Ivanti Avalanche decodeToMap XML External Entity Processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Avalanche
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
EPSS 85% CVSS 7.2
HIGH POC THREAT Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Avalanche
NVD GitHub
EPSS 59% CVSS 7.5
HIGH This Week

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Avalanche
NVD
EPSS 67% CVSS 5.9
MEDIUM This Month

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Avalanche
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Avalanche
NVD
EPSS 3% CVSS 8.1
HIGH This Week

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ivanti Avalanche
NVD
EPSS 70% CVSS 8.8
HIGH This Week

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
EPSS 67% CVSS 8.8
HIGH This Week

A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Privilege Escalation Ivanti +1
NVD
EPSS 62% CVSS 8.8
HIGH This Week

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Ivanti +1
NVD
EPSS 77% CVSS 8.8
HIGH This Week

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy