Ivanti

Avalanche

117 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-8297

  • EPSS 1.12%
  • Published 12.08.2025 14:37:23
  • Last modified 15.08.2025 18:23:30

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution

7.2

CVE-2025-8296

  • EPSS 0.4%
  • Published 12.08.2025 14:33:47
  • Last modified 15.08.2025 18:23:41

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution

9.8

CVE-2023-38036

  • EPSS 1.76%
  • Published 12.07.2025 03:30:40
  • Last modified 17.07.2025 13:45:21

A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.

9.8

CVE-2024-13179

  • EPSS 15.62%
  • Published 14.01.2025 17:15:14
  • Last modified 16.01.2025 21:01:38

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

7.5

CVE-2024-13180

  • EPSS 5.11%
  • Published 14.01.2025 17:15:14
  • Last modified 16.01.2025 21:01:52

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.

9.8

CVE-2024-13181

  • EPSS 14.59%
  • Published 14.01.2025 17:15:14
  • Last modified 16.01.2025 21:02:04

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.

7.5

CVE-2024-50331

  • EPSS 8.61%
  • Published 12.11.2024 16:15:25
  • Last modified 18.12.2024 18:44:43

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.

7.5

CVE-2024-50321

  • EPSS 2.76%
  • Published 12.11.2024 16:15:24
  • Last modified 18.11.2024 15:06:30

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

7.5

CVE-2024-50317

  • EPSS 6.14%
  • Published 12.11.2024 16:15:23
  • Last modified 18.11.2024 15:06:49

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

7.5

CVE-2024-50318

  • EPSS 6.14%
  • Published 12.11.2024 16:15:23
  • Last modified 18.11.2024 15:06:52

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.