Vulnerabilities > Ivanti > Avalanche > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-50317 | NULL Pointer Dereference vulnerability in Ivanti Avalanche A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50318 | NULL Pointer Dereference vulnerability in Ivanti Avalanche A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50319 | Infinite Loop vulnerability in Ivanti Avalanche An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50320 | Infinite Loop vulnerability in Ivanti Avalanche An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-50321 | Infinite Loop vulnerability in Ivanti Avalanche An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-10-08 | CVE-2024-47007 | NULL Pointer Dereference vulnerability in Ivanti Avalanche A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-10-08 | CVE-2024-47008 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |
| 2024-10-08 | CVE-2024-47011 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information | 7.5 |
| 2024-08-14 | CVE-2024-36136 | Off-by-one Error vulnerability in Ivanti Avalanche An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 7.5 |
| 2024-08-14 | CVE-2024-37373 | Unspecified vulnerability in Ivanti Avalanche Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | 7.2 |