Vulnerabilities (CVE)

Filtered by vendor Ivanti Subscribe
Total 378 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-46257 2 Ivanti, Microsoft 2 Avalanche, Windows 2025-05-06 N/A 9.8 CRITICAL
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2023-41727 2 Ivanti, Microsoft 2 Avalanche, Windows 2025-05-06 N/A 9.8 CRITICAL
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE-2024-23534 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-23530 1 Ivanti 1 Avalanche 2025-05-06 N/A 7.5 HIGH
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-23529 1 Ivanti 1 Avalanche 2025-05-06 N/A 7.5 HIGH
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-23528 1 Ivanti 1 Avalanche 2025-05-06 N/A 7.5 HIGH
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-23526 1 Ivanti 1 Avalanche 2025-05-06 N/A 7.5 HIGH
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-24994 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24992 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-23535 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24991 1 Ivanti 1 Avalanche 2025-05-06 N/A 6.5 MEDIUM
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
CVE-2024-24997 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24998 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24999 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-25000 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-29848 1 Ivanti 1 Avalanche 2025-05-06 N/A 7.2 HIGH
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CVE-2024-27975 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-27976 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-27977 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.1 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
CVE-2024-27978 1 Ivanti 1 Avalanche 2025-05-06 N/A 6.5 MEDIUM
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.