Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Avalanche
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 114 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-19 | CVE-2024-27976 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | Avalanche | 8.8 | ||
| 2024-04-19 | CVE-2024-27977 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | Avalanche | 8.1 | ||
| 2024-04-19 | CVE-2024-27978 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | Avalanche | 6.5 | ||
| 2024-04-19 | CVE-2024-27984 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. | Avalanche | 7.1 | ||
| 2024-04-19 | CVE-2024-29204 | A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | Avalanche | 9.8 | ||
| 2024-04-25 | CVE-2024-23527 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | Avalanche | 7.5 | ||
| 2024-05-31 | CVE-2024-29848 | An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | Avalanche | 7.2 | ||
| 2023-08-10 | CVE-2023-32560 | An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | Avalanche | 9.8 | ||
| 2023-08-10 | CVE-2023-32561 | A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. | Avalanche | 7.5 | ||
| 2023-08-10 | CVE-2023-32562 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1. | Avalanche | 9.8 |