Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-50318 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
CVE-2024-50317 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
CVE-2024-50321 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
CVE-2024-50320 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
CVE-2024-50319 | 1 Ivanti | 1 Avalanche | 2024-11-18 | N/A | 7.5 HIGH |
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | |||||
CVE-2024-47011 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 7.5 HIGH |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information | |||||
CVE-2024-47010 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 9.8 CRITICAL |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | |||||
CVE-2024-47009 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 9.8 CRITICAL |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | |||||
CVE-2024-47008 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 7.5 HIGH |
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | |||||
CVE-2024-47007 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 7.5 HIGH |
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | |||||
CVE-2023-46265 | 1 Ivanti | 1 Avalanche | 2024-09-17 | N/A | 9.8 CRITICAL |
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | |||||
CVE-2023-46224 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-09-17 | N/A | 9.8 CRITICAL |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
CVE-2023-41726 | 1 Ivanti | 1 Avalanche | 2024-09-06 | N/A | 7.8 HIGH |
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | |||||
CVE-2022-43554 | 1 Ivanti | 1 Avalanche | 2024-09-05 | N/A | 7.8 HIGH |
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
CVE-2023-41725 | 1 Ivanti | 1 Avalanche | 2024-09-05 | N/A | 7.8 HIGH |
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | |||||
CVE-2022-43555 | 1 Ivanti | 1 Avalanche | 2024-09-04 | N/A | 7.8 HIGH |
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
CVE-2024-38653 | 1 Ivanti | 1 Avalanche | 2024-08-15 | N/A | 7.5 HIGH |
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | |||||
CVE-2024-38652 | 1 Ivanti | 1 Avalanche | 2024-08-15 | N/A | 9.1 CRITICAL |
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | |||||
CVE-2024-37399 | 1 Ivanti | 1 Avalanche | 2024-08-15 | N/A | 7.5 HIGH |
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | |||||
CVE-2024-37373 | 1 Ivanti | 1 Avalanche | 2024-08-15 | N/A | 7.2 HIGH |
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. |