VYPR

Avalanche

by Ivanti

CVEs (113)

  • CVE-2018-8901 | High | Jun 29, 2018
    risk 0.51 | cvss 7.8 | epss 0.01

    An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This…

  • CVE-2024-13181 | High | Jan 14, 2025
    risk 0.50 | cvss 7.3 | epss 0.32

    Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.

  • CVE-2024-47010 | High | Oct 8, 2024
    risk 0.50 | cvss 7.3 | epss 0.38

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.

  • CVE-2024-50331 | High | Nov 12, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.

  • CVE-2024-50321 | High | Nov 12, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-50319 | High | Nov 12, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-50318 | High | Nov 12, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-50317 | High | Nov 12, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-47007 | High | Oct 8, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-36136 | High | Aug 14, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

  • CVE-2024-23527 | High | Apr 25, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

  • CVE-2024-24995 | High | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-24993 | High | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-23532 | High | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.

  • CVE-2024-23531 | High | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.

  • CVE-2024-23530 | High | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

  • CVE-2024-23529 | High | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

  • CVE-2024-23528 | High | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

  • CVE-2024-23526 | High | Apr 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

  • CVE-2023-46804 | High | Dec 19, 2023
    risk 0.49 | cvss 7.5 | epss 0.04

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS).
