Vulnerabilities > Ivanti > Avalanche > 6.3.4.153
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-19 | CVE-2024-25000 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 |
| 2024-04-19 | CVE-2024-27975 | Unspecified vulnerability in Ivanti Avalanche An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 |
| 2024-04-19 | CVE-2024-27976 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 |
| 2024-04-19 | CVE-2024-27977 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | 8.1 |
| 2024-04-19 | CVE-2024-27978 | Unspecified vulnerability in Ivanti Avalanche A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | 6.5 |
| 2024-04-19 | CVE-2024-27984 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. | 7.1 |
| 2024-04-19 | CVE-2024-29204 | Unspecified vulnerability in Ivanti Avalanche A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | 9.8 |
| 2024-01-25 | CVE-2023-41474 | Path Traversal vulnerability in Ivanti Avalanche 6.3.4.153 Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. | 6.5 |
| 2023-12-19 | CVE-2021-22962 | Unspecified vulnerability in Ivanti Avalanche An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 9.1 |
| 2023-12-19 | CVE-2023-41727 | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |