Avalanche

avalanche

Vendor: Ivanti • 117 CVEs

CVEs (117)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-23535 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-23534 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-23533 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.
CVE-2024-23532 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lea...Show more An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution. Show less
CVE-2024-23531 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also...Show more An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory. Show less
CVE-2024-23530 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-23529 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-23528 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-23526 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-22061 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
CVE-2023-41474 1Ivanti 1Avalanche Jun 12, 2025 Jan 25, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
CVE-2023-46804 1Ivanti 1Avalanche Nov 21, 2024 Dec 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
CVE-2023-46803 1Ivanti 1Avalanche Nov 21, 2024 Dec 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
CVE-2023-46266 1Ivanti 1Avalanche Nov 21, 2024 Dec 19, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
CVE-2023-46265 1Ivanti 1Avalanche Nov 21, 2024 Dec 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVE-2023-46264 1Ivanti 1Avalanche Nov 21, 2024 Dec 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
CVE-2023-46263 1Ivanti 1Avalanche Nov 21, 2024 Dec 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
CVE-2023-46262 1Ivanti 1Avalanche Nov 21, 2024 Dec 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
CVE-2023-46261 1Ivanti 1Avalanche Nov 21, 2024 Dec 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-46260 1Ivanti 1Avalanche Nov 21, 2024 Dec 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Previous 1 234 5 6 Next