Avalanche
by Ivanti
CVEs (113)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8901 | | High | 0.51 | 7.8 | 0.01 | | Jun 29, 2018 | An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This… |
| CVE-2024-13181 | | High | 0.50 | 7.3 | 0.32 | | Jan 14, 2025 | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. |
| CVE-2024-47010 | | High | 0.50 | 7.3 | 0.38 | | Oct 8, 2024 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. |
| CVE-2024-50331 | | High | 0.49 | 7.5 | 0.01 | | Nov 12, 2024 | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. |
| CVE-2024-50321 | | High | 0.49 | 7.5 | 0.01 | | Nov 12, 2024 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-50319 | | High | 0.49 | 7.5 | 0.01 | | Nov 12, 2024 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-50318 | | High | 0.49 | 7.5 | 0.01 | | Nov 12, 2024 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-50317 | | High | 0.49 | 7.5 | 0.01 | | Nov 12, 2024 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-47007 | | High | 0.49 | 7.5 | 0.01 | | Oct 8, 2024 | A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-36136 | | High | 0.49 | 7.5 | 0.02 | | Aug 14, 2024 | An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. |
| CVE-2024-23527 | | High | 0.49 | 7.5 | 0.02 | | Apr 25, 2024 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2024-24995 | | High | 0.49 | 7.5 | 0.02 | | Apr 19, 2024 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-24993 | | High | 0.49 | 7.5 | 0.02 | | Apr 19, 2024 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-23532 | | High | 0.49 | 7.5 | 0.02 | | Apr 19, 2024 | An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution. |
| CVE-2024-23531 | | High | 0.49 | 7.5 | 0.02 | | Apr 19, 2024 | An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory. |
| CVE-2024-23530 | | High | 0.49 | 7.5 | 0.02 | | Apr 19, 2024 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2024-23529 | | High | 0.49 | 7.5 | 0.02 | | Apr 19, 2024 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2024-23528 | | High | 0.49 | 7.5 | 0.02 | | Apr 19, 2024 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2024-23526 | | High | 0.49 | 7.5 | 0.02 | | Apr 19, 2024 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2023-46804 | | High | 0.49 | 7.5 | 0.04 | | Dec 19, 2023 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). |