Product:

Avalanche

(Ivanti)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 114
Date Id Summary Products Score Patch Annotated
2024-10-08 CVE-2024-47007 A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. Avalanche 7.5
2024-10-08 CVE-2024-47008 Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. Avalanche 7.5
2024-10-08 CVE-2024-47009 Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. Avalanche 9.8
2024-10-08 CVE-2024-47010 Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. Avalanche 9.8
2024-10-08 CVE-2024-47011 Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information Avalanche 7.5
2024-08-14 CVE-2024-36136 An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Avalanche 7.5
2024-08-14 CVE-2024-37373 Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. Avalanche 7.2
2024-08-14 CVE-2024-37399 A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Avalanche 7.5
2024-08-14 CVE-2024-38652 Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. Avalanche 9.1
2024-08-14 CVE-2024-38653 XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. Avalanche 7.5