cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-50321,https://securityvulnerability.io/vulnerability/CVE-2024-50321,Denial of Service Vulnerability in Ivanti Avalanche Software,"An infinite loop vulnerability present in Ivanti Avalanche prior to version 6.4.6 allows an unauthenticated remote attacker to exploit the flaw, leading to a denial of service condition. This vulnerability poses risks to system availability, potentially disrupting business operations and affecting users. Organizations using affected versions should prioritize implementing security updates to mitigate potential exploitation.",Ivanti,Avalanche,7.5,HIGH,0.00394000019878149,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50318,https://securityvulnerability.io/vulnerability/CVE-2024-50318,Null Pointer Dereference in Ivanti Avalanche by Ivanti,"The vulnerability allows a remote unauthenticated attacker to trigger a null pointer dereference in the Ivanti Avalanche software, leading to a denial of service condition. Attackers exploiting this vulnerability can disrupt services and affect availability, posing significant risk to organizations utilizing Ivanti Avalanche for device management.",Ivanti,Avalanche,7.5,HIGH,0.00394000019878149,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50331,https://securityvulnerability.io/vulnerability/CVE-2024-50331,Out-of-Bounds Read Vulnerability in Ivanti Avalanche by Ivanti,"Ivanti Avalanche, a device management solution, contains an out-of-bounds read vulnerability that may be exploited by remote unauthenticated attackers. This flaw can result in the unauthorized leak of sensitive information from the server's memory. The issue exists in versions prior to 6.4.6, making it imperative for users to apply the latest updates to safeguard their systems.",Ivanti,Avalanche,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50320,https://securityvulnerability.io/vulnerability/CVE-2024-50320,Denial of Service Vulnerability in Ivanti Avalanche Product,"A vulnerability in Ivanti Avalanche prior to version 6.4.6 has been identified, characterized by an infinite loop condition. This flaw can be exploited by remote unauthenticated attackers, potentially leading to a denial of service scenario. The affected versions lack adequate safeguards against this sort of attack, making it imperative for users to update to a patched version to maintain system integrity and availability.",Ivanti,Avalanche,7.5,HIGH,0.00394000019878149,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50319,https://securityvulnerability.io/vulnerability/CVE-2024-50319,Denial of Service Vulnerability in Ivanti Avalanche by Ivanti,"An infinite loop vulnerability has been identified in Ivanti Avalanche prior to version 6.4.6, which could allow a remote unauthenticated attacker to initiate a denial of service. By exploiting this flaw, attackers may disrupt the service availability of the product, leading to potential downtime and operational issues. It is crucial for organizations using Ivanti Avalanche to apply the latest updates to mitigate the risks posed by this vulnerability and ensure the stability of their systems.",Ivanti,Avalanche,7.5,HIGH,0.00394000019878149,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50317,https://securityvulnerability.io/vulnerability/CVE-2024-50317,Null Pointer Dereference in Ivanti Avalanche Products,"A vulnerability exists in Ivanti Avalanche prior to version 6.4.6 due to a null pointer dereference issue. This flaw can be exploited by remote unauthenticated attackers, potentially leading to a denial of service situation. It is crucial for users of Ivanti Avalanche to ensure they are running a patched version to mitigate the risks associated with this vulnerability.",Ivanti,Avalanche,7.5,HIGH,0.00394000019878149,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-47011,https://securityvulnerability.io/vulnerability/CVE-2024-47011,Unauthorized Information Leakage Through Path Traversal in Ivanti Avalanche Before v6.4.5,"A vulnerability exists in Ivanti Avalanche prior to version 6.4.5 that allows a remote unauthenticated attacker to exploit Path Traversal. This security flaw can result in sensitive information being leaked, potentially exposing confidential data and compromising the security of affected organizations. It is imperative for users of Ivanti Avalanche to upgrade to the latest version to mitigate this risk.",Ivanti,Avalanche,7.5,HIGH,0.006969999987632036,false,false,false,false,,false,false,2024-10-08T16:30:25.388Z,0
CVE-2024-47010,https://securityvulnerability.io/vulnerability/CVE-2024-47010,Unauthenticated Path Traversal Vulnerability in Ivanti Avalanche before v6.4.5,"A path traversal vulnerability in Ivanti Avalanche prior to version 6.4.5 enables remote unauthenticated attackers to exploit the system by manipulating file paths. This flaw could allow an attacker to access restricted files and bypass authentication mechanisms, potentially compromising sensitive data and system integrity.",Ivanti,Avalanche,9.8,CRITICAL,0.010029999539256096,false,false,false,false,,false,false,2024-10-08T16:29:57.222Z,0
CVE-2024-47009,https://securityvulnerability.io/vulnerability/CVE-2024-47009,Remotely Exploitable Path Traversal Vulnerability in Ivanti Avalanche Before Version 6.4.5,"A significant vulnerability exists in Ivanti Avalanche versions prior to 6.4.5, characterized as a path traversal flaw. This vulnerability enables remote unauthenticated attackers to exploit the system, allowing them to bypass authentication mechanisms. This breach can potentially lead to unauthorized access to sensitive data and system functionalities, emphasizing the critical need for users to update to the latest version to mitigate associated risks.",Ivanti,Avalanche,9.8,CRITICAL,0.010029999539256096,false,false,false,false,,false,false,2024-10-08T16:28:53.641Z,0
CVE-2024-47008,https://securityvulnerability.io/vulnerability/CVE-2024-47008,Ivanti Avalanche Server-side Request Forgery Vulnerability Allows Leak of Sensitive Information,"A server-side request forgery vulnerability exists in Ivanti Avalanche prior to version 6.4.5. This weakness allows attackers to send crafted requests that can lead to the exposure of sensitive information. A remote, unauthenticated attacker could exploit this vulnerability to access data that should be protected, posing significant risks to organizational privacy and security. Stakeholders using affected versions are encouraged to upgrade as soon as possible to mitigate exposure.",Ivanti,Avalanche,7.5,HIGH,0.006969999987632036,false,false,false,false,,false,false,2024-10-08T16:28:14.887Z,0
CVE-2024-47007,https://securityvulnerability.io/vulnerability/CVE-2024-47007,Remote Denial of Service Vulnerability in Ivanti Avalanche Before 6.4.5,"A vulnerability exists in Ivanti Avalanche before version 6.4.5, specifically in the WLAvalancheService.exe component, where a NULL pointer dereference can occur. This security flaw allows remote, unauthenticated attackers to potentially trigger a denial of service, disrupting the availability of the service. Organizations utilizing this software should assess their current version and consider upgrading to mitigate associated risks.",Ivanti,Avalanche,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-10-08T16:27:46.696Z,0
CVE-2024-38652,https://securityvulnerability.io/vulnerability/CVE-2024-38652,Skin Management Components Vulnerable to Path Traversal Attacks,"A path traversal vulnerability exists within the skin management component of Ivanti Avalanche 6.3.1, which permits remote unauthenticated attackers to manipulate file paths. By exploiting this flaw, attackers can delete arbitrary files, potentially resulting in a denial of service condition. This vulnerability emphasizes the importance of implementing stringent input validation measures to mitigate unauthorized access and file management operations.",Ivanti,Avalanche,9.1,CRITICAL,0.005679999943822622,false,false,false,false,,false,false,2024-08-14T02:38:00.686Z,0
CVE-2024-37373,https://securityvulnerability.io/vulnerability/CVE-2024-37373,Remote Code Execution Vulnerability in Ivanti Avalanche 6.3.1,"A significant vulnerability exists in Ivanti Avalanche versions 6.3.1 and 6.4.4, where improper input validation in the Central Filestore can be exploited by a remote authenticated attacker with administrative rights. This flaw potentially allows the attacker to execute arbitrary code remotely, posing a major threat to system integrity and data safety. Organizations using affected versions should prioritize patching and review their security measures to mitigate this vulnerability.",Ivanti,Avalanche,7.2,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-08-14T02:38:00.225Z,0
CVE-2024-37399,https://securityvulnerability.io/vulnerability/CVE-2024-37399,Remote Unauth DoS Vulnerability in Ivanti Avalanche 6.3.1,"A vulnerability exists in the WLAvalancheService within Ivanti Avalanche version 6.3.1, where a NULL pointer dereference can be exploited by remote unauthenticated attackers. This flaw can lead to the unintentional crashing of the service, thereby affecting its stability. The potential for denial of service presents a significant concern for organizations relying on Ivanti Avalanche for effective management and security of their mobile and device infrastructures.",Ivanti,Avalanche,7.5,HIGH,0.00394000019878149,false,false,false,false,,false,false,2024-08-14T02:38:00.168Z,0
CVE-2024-38653,https://securityvulnerability.io/vulnerability/CVE-2024-38653,Unauthorized Access to Arbitrary Files in Ivanti SmartDeviceServer 6.3.1,"An XXE (XML External Entity) vulnerability exists in the SmartDeviceServer component of Ivanti Avalanche 6.3.1. This allows a remote unauthenticated attacker to exploit the issue and gain unauthorized access to read arbitrary files stored on the server. This vulnerability poses a risk to the security of sensitive data managed within the Ivanti Avalanche environment, highlighting the importance of immediate patching and risk mitigation strategies.",Ivanti,Avalanche,7.5,HIGH,0.026399999856948853,false,false,false,false,,false,false,2024-08-14T02:38:00.149Z,0
CVE-2024-36136,https://securityvulnerability.io/vulnerability/CVE-2024-36136,Ivanti Avalanche Under Attack: Off-by-one Error Leads to DoS,"The vulnerability identified in Ivanti Avalanche 6.3.1 is an off-by-one error in the WLInfoRailService component. This flaw can be exploited by a remote unauthenticated attacker, leading to a potential denial-of-service attack. When successfully exploited, it allows attackers to crash the service, disrupting operations and impacting availability. Organizations using this version of Ivanti Avalanche should take immediate action to address this vulnerability to safeguard their systems against possible malicious exploits.",Ivanti,Avalanche,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-08-14T02:38:00.141Z,0
CVE-2024-29848,https://securityvulnerability.io/vulnerability/CVE-2024-29848,Unrestricted File Upload Vulnerability in Ivanti Avalanche Could Lead to System Execution,"The Ivanti Avalanche web component prior to version 6.4.x contains an unrestricted file upload vulnerability that can be exploited by an authenticated and privileged user. This flaw allows malicious users to upload files of their choosing, potentially leading to arbitrary command execution with SYSTEM privileges. Such a vulnerability poses a serious risk, as compromised systems can be manipulated, leading to unauthorized access or even complete system control. Organizations using this affected software need to apply security updates and take preventive measures to safeguard their systems.",Ivanti,Avalanche,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-31T17:38:31.376Z,0
CVE-2024-23527,https://securityvulnerability.io/vulnerability/CVE-2024-23527,Unauthenticated Remote Attacker Can Read Sensitive Information in Memory via Out-of-Bounds Read Vulnerability in Ivanti Avalanche Before 6.4.3,"An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. ",Ivanti,Avalanche,5.3,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-04-25T06:15:00.000Z,0
CVE-2024-23526,https://securityvulnerability.io/vulnerability/CVE-2024-23526,Unauthenticated Remote Attacker Can Read Sensitive Information in Memory via Out-of-Bounds Read Vulnerability in Ivanti Avalanche Before 6.4.3,"An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. ",Ivanti,Avalanche,5.3,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-04-19T01:10:31.066Z,0
CVE-2024-22061,https://securityvulnerability.io/vulnerability/CVE-2024-22061,Heap Overflow Vulnerability in WLInfoRailService Component,"A significant Heap Overflow vulnerability exists within the WLInfoRailService component of Ivanti Avalanche versions prior to 6.4.3. This vulnerability permits an unauthenticated remote attacker to execute arbitrary commands on affected systems. Exploitation of this vulnerability could lead to unauthorized actions on the target systems, compromising security integrity and data confidentiality. Organizations using Ivanti Avalanche are advised to update to version 6.4.3 or later to mitigate this risk.",Ivanti,Avalanche,8.1,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-04-19T01:10:30.635Z,0
CVE-2024-23529,https://securityvulnerability.io/vulnerability/CVE-2024-23529,Unauthenticated Remote Attacker Can Read Sensitive Information in Memory via Out-of-Bounds Read Vulnerability in Ivanti Avalanche Before 6.4.3,"An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. ",Ivanti,Avalanche,5.3,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-04-19T01:10:13.141Z,0
CVE-2024-23528,https://securityvulnerability.io/vulnerability/CVE-2024-23528,Unauthenticated Remote Attacker Can Read Sensitive Information in Memory via Out-of-Bounds Read Vulnerability in Ivanti Avalanche Before 6.4.3,"An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. ",Ivanti,Avalanche,5.3,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-04-19T01:10:13.138Z,0
CVE-2024-25000,https://securityvulnerability.io/vulnerability/CVE-2024-25000,Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3,A significant Path Traversal vulnerability exists in the web component of Ivanti Avalanche prior to version 6.4.3. This flaw permits remote authenticated attackers to exploit the system and execute arbitrary commands with SYSTEM privileges. The risk posed by this vulnerability emphasizes the need for users and organizations to upgrade to the patched version to safeguard their systems against potential exploitation.,Ivanti,Avalanche,8.8,HIGH,0.0013299999991431832,false,false,false,false,,false,false,2024-04-19T01:10:12.506Z,0
CVE-2024-27977,https://securityvulnerability.io/vulnerability/CVE-2024-27977,Remote File Delete Vulnerability Leads to Denial-of-Service,"The vulnerability in the web component of Ivanti Avalanche prior to version 6.4.3 enables an authenticated remote attacker to exploit path traversal techniques, resulting in the ability to delete arbitrary files. This can lead to significant disruptions in service, manifesting as Denial-of-Service, and could compromise the integrity and availability of the affected system. Organizations using affected versions should prioritize updating to secure versions to mitigate risks.",Ivanti,Avalanche,7.1,HIGH,0.0013299999991431832,false,false,false,false,,false,false,2024-04-19T01:10:11.971Z,0
CVE-2024-24992,https://securityvulnerability.io/vulnerability/CVE-2024-24992,Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3,"A Path Traversal vulnerability exists within the web component of Ivanti Avalanche versions prior to 6.4.3, which allows remote authenticated attackers to exploit the system by executing arbitrary commands with SYSTEM privileges. This vulnerability poses significant security risks as it could enable unauthorized access and control over the affected systems.",Ivanti,Avalanche,8.8,HIGH,0.0013299999991431832,false,false,false,false,,false,false,2024-04-19T01:10:11.959Z,0