Filtered by vendor Ivanti
Subscriptions
Filtered by product Avalanche
Subscriptions
Total
88 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-47009 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.3 High |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | ||||
CVE-2024-47008 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.5 High |
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | ||||
CVE-2024-47007 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.5 High |
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | ||||
CVE-2024-37373 | 1 Ivanti | 1 Avalanche | 2024-08-16 | 7.2 High |
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | ||||
CVE-2024-38653 | 1 Ivanti | 1 Avalanche | 2024-08-15 | 7.5 High |
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | ||||
CVE-2024-38652 | 1 Ivanti | 1 Avalanche | 2024-08-15 | 9.1 Critical |
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | ||||
CVE-2024-37399 | 1 Ivanti | 1 Avalanche | 2024-08-15 | 7.5 High |
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | ||||
CVE-2024-36136 | 1 Ivanti | 1 Avalanche | 2024-08-15 | 7.5 High |
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. |