Ivanti

Avalanche

117 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-24993

  • EPSS 1.45%
  • Published 19.04.2024 02:15:08
  • Last modified 06.05.2025 19:18:36

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

8.8

CVE-2024-24994

  • EPSS 41.99%
  • Published 19.04.2024 02:15:08
  • Last modified 06.05.2025 18:29:00

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

7.5

CVE-2024-23526

  • EPSS 2.17%
  • Published 19.04.2024 02:15:07
  • Last modified 06.05.2025 18:30:25

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

7.5

CVE-2024-23528

  • EPSS 2.17%
  • Published 19.04.2024 02:15:07
  • Last modified 06.05.2025 18:58:45

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

7.5

CVE-2024-23529

  • EPSS 2.17%
  • Published 19.04.2024 02:15:07
  • Last modified 06.05.2025 19:08:53

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

7.5

CVE-2024-23530

  • EPSS 1.34%
  • Published 19.04.2024 02:15:07
  • Last modified 06.05.2025 19:09:04

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

7.5

CVE-2024-23531

  • EPSS 3.39%
  • Published 19.04.2024 02:15:07
  • Last modified 06.05.2025 19:23:47

An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from ...

7.5

CVE-2024-23532

  • EPSS 16.64%
  • Published 19.04.2024 02:15:07
  • Last modified 06.05.2025 19:24:37

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.

6.5

CVE-2024-23533

  • EPSS 1.35%
  • Published 19.04.2024 02:15:07
  • Last modified 06.05.2025 19:24:55

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.

9.8

CVE-2024-22061

  • EPSS 7.08%
  • Published 19.04.2024 02:15:06
  • Last modified 06.05.2025 19:23:00

A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands