Avalanche

avalanche

Vendor: Ivanti • 117 CVEs

CVEs (117)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37373 1Ivanti 1Avalanche Aug 15, 2024 Aug 14, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
CVE-2024-36136 1Ivanti 1Avalanche Aug 15, 2024 Aug 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVE-2024-29848 1Ivanti 1Avalanche May 6, 2025 May 31, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CVE-2024-23527 1Ivanti 1Avalanche May 6, 2025 Apr 25, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-29204 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
CVE-2024-27984 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service.
CVE-2024-27978 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
CVE-2024-27977 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
CVE-2024-27976 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-27975 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-25000 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24999 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24998 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24997 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24996 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.
CVE-2024-24995 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24994 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24993 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24992 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24991 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.

Previous 123 4 5 6 Next