📦 Avalanche
by Ivanti
⚠️ Known Vulnerabilities
This is a critical buffer overflow vulnerability in Ivanti Avalanche Manager that allows unauthenticated attackers to potentially execute arbitrary code or cause service disruption. It affects all Iva...
This vulnerability allows remote unauthenticated attackers to delete arbitrary files on Ivanti Avalanche servers through path traversal in the skin management component. This can lead to denial of ser...
A heap overflow vulnerability in the WLAvalancheService component of Ivanti Avalanche allows remote unauthenticated attackers to execute arbitrary commands. This affects Ivanti Avalanche versions befo...
This is a critical heap overflow vulnerability in Ivanti Avalanche's WLInfoRailService component that allows unauthenticated remote attackers to execute arbitrary commands on affected systems. It affe...
A heap overflow vulnerability in the WLInfoRailService component of Ivanti Avalanche allows remote unauthenticated attackers to execute arbitrary commands on affected systems. This affects Ivanti Aval...
This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted data packets that cause memory corruption, potentially leading to denial of service or remote code ex...
This vulnerability allows attackers to upload malicious files to Avalanche systems, leading to remote code execution. It affects Avalanche versions 6.4.1 and below, putting organizations using this en...
This critical vulnerability allows unauthenticated attackers to exploit an XML External Entity (XXE) vulnerability in the Smart Device Server, potentially leading to data leakage or Server-Side Reques...
This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted packets that cause memory corruption, potentially leading to remote code execution or denial of servi...
This critical vulnerability in Mobile Device Server allows remote attackers to send specially crafted packets that cause memory corruption, potentially leading to denial of service or remote code exec...
CVE-2023-46259 is a critical memory corruption vulnerability in the Mobile Device Server component of Ivanti Avalanche. Attackers can send specially crafted packets to trigger memory corruption, poten...
CVE-2023-46216 is a critical memory corruption vulnerability in the Mobile Device Server component of Ivanti Avalanche. Attackers can send specially crafted packets to trigger denial of service or pot...
This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted packets that cause memory corruption, potentially leading to denial of service or remote code executi...
This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted packets that cause memory corruption, potentially leading to remote code execution or denial of servi...
This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted packets that cause memory corruption, potentially leading to remote code execution or denial of servi...
CVE-2021-22962 is a vulnerability in Ivanti Avalanche that allows attackers to send specially crafted requests leading to sensitive data leakage or resource-based denial-of-service attacks. This affec...
This vulnerability in Wavelink Avalanche Manager allows an attacker to send a specially crafted message, potentially leading to service disruption or arbitrary code execution. It affects systems runni...
This vulnerability allows attackers to upload malicious files to Avalanche systems, leading to remote code execution. It affects all Avalanche versions 6.3.x and below. Attackers can compromise the en...
This vulnerability allows attackers to upload malicious files to Avalanche systems, leading to remote code execution. It affects Ivanti Avalanche versions 6.4.1 and earlier. Attackers can potentially ...
CVE-2023-32566 is a vulnerability in Ivanti Avalanche that allows attackers to send specially crafted requests leading to sensitive data leakage or resource-based denial-of-service attacks. This affec...
This SQL injection vulnerability in Ivanti Avalanche allows authenticated admin users to execute arbitrary SQL queries, potentially leading to remote code execution. Organizations using Ivanti Avalanc...
CVE-2024-13180 is a path traversal vulnerability in Ivanti Avalanche that allows remote unauthenticated attackers to access sensitive files and information. This affects Ivanti Avalanche versions befo...
CVE-2024-13181 is a path traversal vulnerability in Ivanti Avalanche that allows remote unauthenticated attackers to bypass authentication mechanisms. This affects Ivanti Avalanche versions before 6.4...
An infinite loop vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to cause denial of service by crashing the service. This affects all Ivanti Avalanche installations before ve...
A null pointer dereference vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to crash the service, causing denial of service. This affects all Ivanti Avalanche installations be...
CVE-2024-50319 is an infinite loop vulnerability in Ivanti Avalanche that allows remote unauthenticated attackers to cause denial of service by crashing the service. This affects all Ivanti Avalanche ...
CVE-2024-47010 is a path traversal vulnerability in Ivanti Avalanche that allows remote unauthenticated attackers to bypass authentication mechanisms. This affects all Ivanti Avalanche installations b...
This Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to make the server send requests to internal systems, potentially exposing sensitive i...
An off-by-one error in WLInfoRailService in Ivanti Avalanche allows remote unauthenticated attackers to crash the service, causing denial of service. This affects Ivanti Avalanche 6.3.1 installations,...
This vulnerability allows remote unauthenticated attackers to cause a denial of service (DoS) by crashing the WLAvalancheService in Ivanti Avalanche. The NULL pointer dereference can be triggered with...
This vulnerability allows authenticated privileged users in Ivanti Avalanche to upload arbitrary files, leading to remote code execution with SYSTEM privileges. It affects Ivanti Avalanche web compone...
This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It affects Ivanti Avalanche versions b...
This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to delete specific files or cause denial of service. It affects Ivanti Avalanche versions be...
This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It affects Ivanti Avalanche versions before 6.4.3. Att...
This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It affects Ivanti Avalanche versions b...
This vulnerability allows authenticated remote attackers to upload malicious files to Ivanti Avalanche web components, leading to arbitrary command execution with SYSTEM privileges. It affects Ivanti ...
This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It affects Ivanti Avalanche versions before 6.4.3. Att...
This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It affects Ivanti Avalanche versions before 6.4.3. Att...
An out-of-bounds read vulnerability in Ivanti Avalanche's WLAvalancheService component allows unauthenticated remote attackers to read sensitive information from memory. This affects Ivanti Avalanche ...
An unauthenticated remote attacker can exploit an out-of-bounds read vulnerability in Ivanti Avalanche's WLAvalancheService component to read sensitive information from memory. This affects Ivanti Ava...
An authenticated remote attacker can exploit an out-of-bounds read vulnerability in the WLAvalancheService component of Ivanti Avalanche to cause denial of service. In some conditions, this may also l...
This vulnerability allows attackers to send specially crafted data packets to the Mobile Device Server, causing memory corruption that can lead to Denial of Service (DoS). Organizations using Ivanti A...
CVE-2023-41726 is a local privilege escalation vulnerability in Ivanti Avalanche caused by incorrect default permissions. An authenticated local attacker can exploit this to gain SYSTEM/root privilege...
CVE-2022-43554 is a local privilege escalation vulnerability in Ivanti Avalanche Smart Device Service where missing authentication allows local attackers to execute arbitrary code with SYSTEM privileg...
This path traversal vulnerability in Ivanti Avalanche allows attackers to access arbitrary files on the server by manipulating file path parameters. It affects all Avalanche versions 6.3.x and below, ...
This authentication bypass vulnerability in Ivanti Avalanche allows remote attackers to gain unauthorized access to the EnterpriseServer service. Attackers with existing authentication credentials can...
This vulnerability in Ivanti Avalanche allows authenticated remote attackers to bypass authentication mechanisms and execute arbitrary code via insecure deserialization in the JwtTokenUtility class. A...
CVE-2021-30497 is an absolute path traversal vulnerability in Ivanti Avalanche (Premise) that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability exists in...
This vulnerability allows an attacker with access to the Inforail Service in Ivanti Avalanche to perform session takeover, potentially gaining unauthorized access to the system. It affects Ivanti Aval...
This vulnerability allows an attacker with access to the Inforail Service in Ivanti Avalanche to escalate privileges, potentially gaining administrative control. It affects Ivanti Avalanche users runn...
This command injection vulnerability in Ivanti Avalanche allows attackers with access to the Inforail Service to execute arbitrary commands on the system. Organizations running Ivanti Avalanche versio...
This SQL injection vulnerability in Ivanti Avalanche allows attackers with access to the Inforail Service to execute arbitrary SQL commands, potentially leading to privilege escalation. It affects Iva...
This vulnerability in Ivanti Avalanche allows attackers with access to the Inforail Service to write arbitrary files to the system. This could lead to remote code execution, data manipulation, or syst...