Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*
part: a version: * update: *
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Avalanche (406230a0-8d9b-526f-88b7-0c6e48e09b64) |
| Edition | * |
| Language | * |
| Software edition | premise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-8297 |
vulnerable | 2026-06-03 15:13:43.316644 |
Details available
HIGH (7.2)
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution
Published: 2025-08-12T14:37:23.954Z
Updated: 2026-02-26T17:49:41.972Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-8296 |
vulnerable | 2026-06-03 15:13:43.315929 |
Details available
HIGH (7.2)
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution
Published: 2025-08-12T14:33:47.566Z
Updated: 2026-02-26T17:49:42.379Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50331 |
vulnerable | 2026-06-03 14:57:23.988355 |
Details available
HIGH (7.5)
An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.
Published: 2024-11-12T15:34:00.342Z
Updated: 2024-11-12T18:48:08.968Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50321 |
vulnerable | 2026-06-03 14:57:23.974908 |
Details available
HIGH (7.5)
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T15:33:32.796Z
Updated: 2024-11-12T18:49:52.819Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50320 |
vulnerable | 2026-06-03 14:57:23.974426 |
Details available
HIGH (7.5)
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T15:32:52.112Z
Updated: 2024-11-12T18:57:00.316Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50319 |
vulnerable | 2026-06-03 14:57:23.973952 |
Details available
HIGH (7.5)
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T15:32:20.257Z
Updated: 2024-11-13T15:43:27.844Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50318 |
vulnerable | 2026-06-03 14:57:23.973574 |
Details available
HIGH (7.5)
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T15:30:35.740Z
Updated: 2024-11-12T15:53:11.671Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50317 |
vulnerable | 2026-06-03 14:57:23.972855 |
Details available
HIGH (7.5)
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T15:29:58.447Z
Updated: 2024-11-12T15:54:12.790Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47011 |
vulnerable | 2026-06-03 14:57:00.464862 |
Details available
HIGH (7.5)
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
Published: 2024-10-08T16:30:25.388Z
Updated: 2024-10-08T17:39:16.171Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47010 |
vulnerable | 2026-06-03 14:57:00.464108 |
Details available
HIGH (7.3)
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
Published: 2024-10-08T16:29:57.222Z
Updated: 2024-10-08T17:39:47.159Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47009 |
vulnerable | 2026-06-03 14:57:00.463515 |
Details available
HIGH (7.3)
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
Published: 2024-10-08T16:28:53.641Z
Updated: 2024-10-08T17:40:31.429Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47008 |
vulnerable | 2026-06-03 14:57:00.462877 |
Details available
HIGH (7.5)
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
Published: 2024-10-08T16:28:14.887Z
Updated: 2024-10-08T18:45:02.588Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47007 |
vulnerable | 2026-06-03 14:57:00.462062 |
Details available
HIGH (7.5)
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-10-08T16:27:46.696Z
Updated: 2024-10-08T18:46:21.255Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46804 |
vulnerable | 2026-06-03 14:53:16.496340 |
Details available
HIGH (7.5)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
Published: 2023-12-19T15:43:26.303Z
Updated: 2024-08-02T20:53:21.877Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46803 |
vulnerable | 2026-06-03 14:53:16.495323 |
Details available
HIGH (7.5)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
Published: 2023-12-19T15:43:26.341Z
Updated: 2024-08-02T20:53:21.704Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46266 |
vulnerable | 2026-06-03 14:53:09.486721 |
Details available
HIGH (7.3)
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
Published: 2023-12-19T15:43:26.348Z
Updated: 2024-08-02T20:37:40.234Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46264 |
vulnerable | 2026-06-03 14:53:09.486030 |
Details available
HIGH (7.2)
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
Published: 2023-12-19T15:43:26.340Z
Updated: 2024-09-04T19:43:27.139Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46263 |
vulnerable | 2026-06-03 14:53:09.482295 |
Details available
HIGH (7.2)
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
Published: 2023-12-19T15:43:26.291Z
Updated: 2024-08-02T20:37:40.211Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46261 |
vulnerable | 2026-06-03 14:53:09.481757 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.352Z
Updated: 2024-08-02T20:37:40.182Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46260 |
vulnerable | 2026-06-03 14:53:09.481448 |
Details available
HIGH (7.5)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.348Z
Updated: 2024-11-27T15:13:51.763Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46259 |
vulnerable | 2026-06-03 14:53:09.481055 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.279Z
Updated: 2024-08-02T20:37:40.250Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46258 |
vulnerable | 2026-06-03 14:53:09.480724 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.342Z
Updated: 2024-08-02T20:37:40.140Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46257 |
vulnerable | 2026-06-03 14:53:09.480368 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.308Z
Updated: 2025-05-06T18:54:15.799Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46225 |
vulnerable | 2026-06-03 14:53:09.410620 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.285Z
Updated: 2024-08-02T20:37:40.139Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46224 |
vulnerable | 2026-06-03 14:53:09.410226 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.338Z
Updated: 2024-09-16T18:31:43.409Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46223 |
vulnerable | 2026-06-03 14:53:09.409655 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.253Z
Updated: 2024-08-02T20:37:40.182Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46222 |
vulnerable | 2026-06-03 14:53:09.406947 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.329Z
Updated: 2024-08-02T20:37:40.176Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46221 |
vulnerable | 2026-06-03 14:53:09.406588 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.331Z
Updated: 2024-08-02T20:37:40.137Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46220 |
vulnerable | 2026-06-03 14:53:09.406130 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.358Z
Updated: 2024-08-02T20:37:40.128Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46217 |
vulnerable | 2026-06-03 14:53:09.389826 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.322Z
Updated: 2024-11-27T15:13:07.764Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46216 |
vulnerable | 2026-06-03 14:53:09.389301 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.330Z
Updated: 2024-08-02T20:37:40.148Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41727 |
vulnerable | 2026-06-03 14:52:52.232945 |
Details available
CRITICAL (9.8)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Published: 2023-12-19T15:43:26.326Z
Updated: 2025-05-06T18:53:20.334Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41726 |
vulnerable | 2026-06-03 14:52:52.231583 |
Details available
HIGH (7.8)
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
Published: 2023-11-03T18:13:19.997Z
Updated: 2024-09-06T18:25:28.360Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41725 |
vulnerable | 2026-06-03 14:52:52.231122 |
Details available
HIGH (7.8)
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
Published: 2023-11-03T18:13:19.979Z
Updated: 2024-09-05T14:55:18.991Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28126 |
vulnerable | 2026-06-03 14:51:08.052305 |
Details available
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
Published: 2023-05-09T00:00:00.000Z
Updated: 2025-01-29T14:24:55.609Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28125 |
vulnerable | 2026-06-03 14:51:08.051872 |
Details available
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.
Published: 2023-05-09T00:00:00.000Z
Updated: 2025-01-29T14:37:25.739Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43555 |
vulnerable | 2026-06-03 14:48:15.458300 |
Details available
HIGH (7.8)
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
Published: 2023-11-03T18:13:19.919Z
Updated: 2024-09-04T20:01:58.689Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43554 |
vulnerable | 2026-06-03 14:48:15.457860 |
Details available
HIGH (7.8)
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
Published: 2023-11-03T18:13:19.970Z
Updated: 2024-09-05T19:16:03.381Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22962 |
vulnerable | 2026-06-03 14:43:54.438931 |
Details available
HIGH (7.3)
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
Published: 2023-12-19T15:43:26.251Z
Updated: 2024-08-03T18:58:26.311Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.