Filtered by vendor Ivanti Subscriptions
Filtered by product Avalanche Subscriptions
Total 88 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-47009 1 Ivanti 1 Avalanche 2024-10-16 7.3 High
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVE-2024-47008 1 Ivanti 1 Avalanche 2024-10-16 7.5 High
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
CVE-2024-47007 1 Ivanti 1 Avalanche 2024-10-16 7.5 High
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-37373 1 Ivanti 1 Avalanche 2024-08-16 7.2 High
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
CVE-2024-38653 1 Ivanti 1 Avalanche 2024-08-15 7.5 High
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
CVE-2024-38652 1 Ivanti 1 Avalanche 2024-08-15 9.1 Critical
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
CVE-2024-37399 1 Ivanti 1 Avalanche 2024-08-15 7.5 High
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVE-2024-36136 1 Ivanti 1 Avalanche 2024-08-15 7.5 High
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.