Filtered by vendor Ivanti
Subscribe
Total
378 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46257 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2025-05-06 | N/A | 9.8 CRITICAL |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
CVE-2023-41727 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2025-05-06 | N/A | 9.8 CRITICAL |
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
CVE-2024-23534 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-23530 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||||
CVE-2024-23529 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||||
CVE-2024-23528 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||||
CVE-2024-23526 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||||
CVE-2024-24994 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-24992 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-23535 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-24991 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 6.5 MEDIUM |
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | |||||
CVE-2024-24997 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-24998 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-24999 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-25000 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-29848 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.2 HIGH |
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-27975 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-27976 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-27977 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.1 HIGH |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | |||||
CVE-2024-27978 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 6.5 MEDIUM |
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. |