Ivanti

Avalanche

117 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-24995

  • EPSS 2.78%
  • Published 19.04.2024 02:15:09
  • Last modified 06.05.2025 19:18:25

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

9.8

CVE-2024-24996

  • EPSS 35.11%
  • Published 19.04.2024 02:15:09
  • Last modified 06.05.2025 19:17:31

A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.

8.8

CVE-2024-24997

  • EPSS 5.18%
  • Published 19.04.2024 02:15:09
  • Last modified 06.05.2025 18:22:37

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

8.8

CVE-2024-24998

  • EPSS 3.72%
  • Published 19.04.2024 02:15:09
  • Last modified 06.05.2025 18:22:21

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

8.8

CVE-2024-24999

  • EPSS 6.95%
  • Published 19.04.2024 02:15:09
  • Last modified 06.05.2025 18:15:37

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

8.8

CVE-2024-25000

  • EPSS 3.72%
  • Published 19.04.2024 02:15:09
  • Last modified 06.05.2025 18:14:17

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

8.8

CVE-2024-23534

  • EPSS 2.62%
  • Published 19.04.2024 02:15:08
  • Last modified 06.05.2025 19:15:44

An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

8.8

CVE-2024-23535

  • EPSS 41.99%
  • Published 19.04.2024 02:15:08
  • Last modified 06.05.2025 18:28:37

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

6.5

CVE-2024-24991

  • EPSS 2.84%
  • Published 19.04.2024 02:15:08
  • Last modified 06.05.2025 18:28:21

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.

8.8

CVE-2024-24992

  • EPSS 55.9%
  • Published 19.04.2024 02:15:08
  • Last modified 06.05.2025 18:28:49

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.