Ivanti

Avalanche

117 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-37373

  • EPSS 5.93%
  • Published 14.08.2024 03:15:04
  • Last modified 15.08.2024 17:31:32

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.

7.5

CVE-2024-37399

  • EPSS 35.46%
  • Published 14.08.2024 03:15:04
  • Last modified 15.08.2024 17:31:49

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

7.2

CVE-2024-29848

  • EPSS 21.2%
  • Published 31.05.2024 18:15:12
  • Last modified 06.05.2025 14:43:00

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.

7.5

CVE-2024-23527

  • EPSS 1.86%
  • Published 25.04.2024 06:15:54
  • Last modified 06.05.2025 13:35:39

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

8.8

CVE-2024-27975

  • EPSS 2.04%
  • Published 19.04.2024 02:15:10
  • Last modified 06.05.2025 14:30:56

An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

8.8

CVE-2024-27976

  • EPSS 3.72%
  • Published 19.04.2024 02:15:10
  • Last modified 06.05.2025 14:29:48

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

8.1

CVE-2024-27977

  • EPSS 3.01%
  • Published 19.04.2024 02:15:10
  • Last modified 06.05.2025 14:21:09

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.

6.5

CVE-2024-27978

  • EPSS 1.76%
  • Published 19.04.2024 02:15:10
  • Last modified 06.05.2025 14:18:24

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.

7.1

CVE-2024-27984

  • EPSS 1.38%
  • Published 19.04.2024 02:15:10
  • Last modified 06.05.2025 14:12:01

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service.

9.8

CVE-2024-29204

  • EPSS 5.18%
  • Published 19.04.2024 02:15:10
  • Last modified 06.05.2025 14:00:23

A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands