Avalanche@* Security Vulnerabilities and Issues — Page 3 of Avalanche@* CVE List

Lucene search

IvantiAvalanche*

114 matches found

CVE•added 2023/12/19 4:15 p.m.•27 views

CVE-2023-46261

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01892EPSS

CVE•added 2021/12/07 2:15 p.m.•26 views

CVE-2021-42133

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.

8.1CVSS8AI score0.03584EPSS

CVE•added 2023/12/19 4:15 p.m.•26 views

CVE-2023-46265

An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).

9.8CVSS6.4AI score0.01697EPSS

CVE•added 2023/12/19 4:15 p.m.•25 views

CVE-2023-46220

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01892EPSS

CVE•added 2023/12/19 4:15 p.m.•24 views

CVE-2023-46223

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.03245EPSS

CVE•added 2023/12/19 4:15 p.m.•23 views

CVE-2023-46217

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.03245EPSS

CVE•added 2023/12/19 4:15 p.m.•22 views

CVE-2023-46259

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01892EPSS

CVE•added 2023/12/19 4:15 p.m.•22 views

CVE-2023-46260

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS7.8AI score0.01855EPSS

CVE•added 2023/12/19 4:15 p.m.•22 views

CVE-2023-46266

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

9.1CVSS7.1AI score0.00928EPSS

CVE•added 2025/07/12 4:15 a.m.•19 views

CVE-2023-38036

A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.

9.8CVSS7.9AI score0.01085EPSS

CVE•added 2023/12/19 4:15 p.m.•19 views

CVE-2023-46221

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01892EPSS

CVE•added 2023/12/19 4:15 p.m.•19 views

CVE-2023-46225

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

9.8CVSS9.6AI score0.01892EPSS

CVE•added 4 days ago•6 views

CVE-2025-8296

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution

7.2CVSS8.9AI score0.0084EPSS

CVE•added 4 days ago•5 views

CVE-2025-8297

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution

7.2CVSS7.8AI score0.0084EPSS

Total number of security vulnerabilities114