Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8296 | 1 Ivanti | 1 Avalanche | 2025-08-15 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution
|
|||||
| CVE-2025-8297 | 1 Ivanti | 1 Avalanche | 2025-08-15 | N/A | 7.2 HIGH |
|
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution
|
|||||
| CVE-2023-38036 | 1 Ivanti | 1 Avalanche | 2025-07-17 | N/A | 9.8 CRITICAL |
|
A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
|
|||||
| CVE-2023-41474 | 1 Ivanti | 1 Avalanche | 2025-06-12 | N/A | 6.5 MEDIUM |
|
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
|
|||||
| CVE-2024-23533 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 6.5 MEDIUM |
|
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.
|
|||||
| CVE-2024-23532 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
|
An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.
|
|||||
| CVE-2024-23531 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
|
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.
|
|||||
| CVE-2024-22061 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 9.8 CRITICAL |
|
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
|
|||||
| CVE-2024-24993 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
|
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-24995 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
|
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-24996 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 9.8 CRITICAL |
|
A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.
|
|||||
| CVE-2023-46257 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2025-05-06 | N/A | 9.8 CRITICAL |
|
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
|
|||||
| CVE-2023-41727 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2025-05-06 | N/A | 9.8 CRITICAL |
|
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
|
|||||
| CVE-2024-23534 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-23530 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
|
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
|
|||||
| CVE-2024-23529 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
|
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
|
|||||
| CVE-2024-23528 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
|
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
|
|||||
| CVE-2024-23526 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
|
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
|
|||||
| CVE-2024-24994 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-24992 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-23535 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-24991 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 6.5 MEDIUM |
|
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
|
|||||
| CVE-2024-24997 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-24998 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-24999 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-25000 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-29848 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.2 HIGH |
|
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-27975 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-27976 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
|
|||||
| CVE-2024-27977 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.1 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
|
|||||
| CVE-2024-27978 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 6.5 MEDIUM |
|
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
|
|||||
| CVE-2024-27984 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.1 HIGH |
|
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service.
|
|||||
| CVE-2024-29204 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 9.8 CRITICAL |
|
A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
|
|||||
| CVE-2024-23527 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
|
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
|
|||||
| CVE-2023-32562 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 9.8 CRITICAL |
|
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
|
|||||
| CVE-2023-32561 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 7.5 HIGH |
|
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
|
|||||
| CVE-2023-32560 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 9.8 CRITICAL |
|
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.
Thanks to a Researcher at Tenable for finding and reporting.
Fixed in version 6.4.1.
|
|||||
| CVE-2023-28126 | 1 Ivanti | 1 Avalanche | 2025-01-29 | N/A | 5.9 MEDIUM |
|
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
|
|||||
| CVE-2023-28125 | 1 Ivanti | 1 Avalanche | 2025-01-29 | N/A | 5.9 MEDIUM |
|
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.
|
|||||
| CVE-2023-28128 | 1 Ivanti | 1 Avalanche | 2025-01-28 | N/A | 7.2 HIGH |
|
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
|
|||||