Vulnerabilities (CVE)

Filtered by vendor Ivanti Subscribe
Filtered by product Avalanche
Total 70 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-50318 1 Ivanti 1 Avalanche 2024-11-18 N/A 7.5 HIGH
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50317 1 Ivanti 1 Avalanche 2024-11-18 N/A 7.5 HIGH
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50321 1 Ivanti 1 Avalanche 2024-11-18 N/A 7.5 HIGH
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50320 1 Ivanti 1 Avalanche 2024-11-18 N/A 7.5 HIGH
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50319 1 Ivanti 1 Avalanche 2024-11-18 N/A 7.5 HIGH
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-47011 1 Ivanti 1 Avalanche 2024-10-16 N/A 7.5 HIGH
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
CVE-2024-47010 1 Ivanti 1 Avalanche 2024-10-16 N/A 9.8 CRITICAL
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVE-2024-47009 1 Ivanti 1 Avalanche 2024-10-16 N/A 9.8 CRITICAL
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVE-2024-47008 1 Ivanti 1 Avalanche 2024-10-16 N/A 7.5 HIGH
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
CVE-2024-47007 1 Ivanti 1 Avalanche 2024-10-16 N/A 7.5 HIGH
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2023-46265 1 Ivanti 1 Avalanche 2024-09-17 N/A 9.8 CRITICAL
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVE-2023-46224 2 Ivanti, Microsoft 2 Avalanche, Windows 2024-09-17 N/A 9.8 CRITICAL
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-41726 1 Ivanti 1 Avalanche 2024-09-06 N/A 7.8 HIGH
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
CVE-2022-43554 1 Ivanti 1 Avalanche 2024-09-05 N/A 7.8 HIGH
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVE-2023-41725 1 Ivanti 1 Avalanche 2024-09-05 N/A 7.8 HIGH
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
CVE-2022-43555 1 Ivanti 1 Avalanche 2024-09-04 N/A 7.8 HIGH
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVE-2024-38653 1 Ivanti 1 Avalanche 2024-08-15 N/A 7.5 HIGH
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
CVE-2024-38652 1 Ivanti 1 Avalanche 2024-08-15 N/A 9.1 CRITICAL
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
CVE-2024-37399 1 Ivanti 1 Avalanche 2024-08-15 N/A 7.5 HIGH
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVE-2024-37373 1 Ivanti 1 Avalanche 2024-08-15 N/A 7.2 HIGH
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.