Ivanti Avalanche
92 CVEs affecting Ivanti Avalanche. Latest disclosed: 2025-08-12. Critical: 21, High: 56.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-24996 | Critical | 9.8 | 2024-04-19 | A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary co… |
CVE-2024-29204 | Critical | 9.8 | 2024-04-19 | A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary co… |
CVE-2023-46220 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2023-46261 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2023-46258 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2023-46224 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2023-46221 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2023-46222 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2023-46257 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2023-46225 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2023-46259 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2023-46223 | Critical | 9.8 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or c… |
CVE-2022-36978 | Critical | 9.8 | 2023-03-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is requi… |
CVE-2022-36977 | Critical | 9.8 | 2023-03-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is requi… |
CVE-2022-36974 | Critical | 9.8 | 2023-03-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is requi… |
CVE-2022-36971 | Critical | 9.8 | 2023-03-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is requi… |
CVE-2022-36980 | Critical | 9.4 | 2023-03-29 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is requir… |
CVE-2022-36976 | Critical | 9.1 | 2023-03-29 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within t… |
CVE-2022-36975 | Critical | 9.1 | 2023-03-29 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within t… |
CVE-2022-36973 | Critical | 9.1 | 2023-03-29 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is requir… |