Vulnerabilities > Ivanti > Avalanche > 6.4.1.207
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-19 | CVE-2024-23535 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 |
| 2024-04-19 | CVE-2024-24991 | Unspecified vulnerability in Ivanti Avalanche A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | 6.5 |
| 2024-04-19 | CVE-2024-24992 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 |
| 2024-04-19 | CVE-2024-24993 | Unspecified vulnerability in Ivanti Avalanche A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 7.5 |
| 2024-04-19 | CVE-2024-24994 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 |
| 2024-04-19 | CVE-2024-24995 | Unspecified vulnerability in Ivanti Avalanche A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 7.5 |
| 2024-04-19 | CVE-2024-24996 | Unspecified vulnerability in Ivanti Avalanche A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. | 9.8 |
| 2024-04-19 | CVE-2024-24997 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 |
| 2024-04-19 | CVE-2024-24998 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 |
| 2024-04-19 | CVE-2024-24999 | Unspecified vulnerability in Ivanti Avalanche A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 |