Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:avalanche:6.4.3:*:*:*:*:*:*:*
part: a version: 6.4.3 update: *
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Avalanche (406230a0-8d9b-526f-88b7-0c6e48e09b64) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-29204 |
vulnerable | 2026-06-03 14:55:27.049279 |
Details available
CRITICAL (9.8)
A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
Published: 2024-04-19T01:10:11.799Z
Updated: 2025-12-16T18:13:23.406Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27984 |
vulnerable | 2026-06-03 14:55:24.389812 |
Details available
HIGH (7.1)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service.
Published: 2024-04-19T01:10:11.772Z
Updated: 2024-08-02T00:41:55.988Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27978 |
vulnerable | 2026-06-03 14:55:24.381365 |
Details available
MEDIUM (6.5)
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
Published: 2024-04-19T01:10:11.863Z
Updated: 2024-08-02T00:41:56.001Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27977 |
vulnerable | 2026-06-03 14:55:24.381046 |
Details available
HIGH (7.1)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
Published: 2024-04-19T01:10:11.971Z
Updated: 2024-08-02T00:41:55.951Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27976 |
vulnerable | 2026-06-03 14:55:24.380703 |
Details available
HIGH (8.8)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.814Z
Updated: 2025-12-16T18:13:22.212Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27975 |
vulnerable | 2026-06-03 14:55:24.379727 |
Details available
HIGH (8.8)
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.777Z
Updated: 2025-12-16T18:13:22.068Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25000 |
vulnerable | 2026-06-03 14:55:06.218430 |
Details available
HIGH (8.8)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:12.506Z
Updated: 2025-12-16T18:13:17.251Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24999 |
vulnerable | 2026-06-03 14:55:06.213993 |
Details available
HIGH (8.8)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.874Z
Updated: 2025-12-16T18:13:19.788Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24998 |
vulnerable | 2026-06-03 14:55:06.213628 |
Details available
HIGH (8.8)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.897Z
Updated: 2024-08-01T23:36:21.396Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24997 |
vulnerable | 2026-06-03 14:55:06.213341 |
Details available
HIGH (8.8)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.872Z
Updated: 2025-12-16T18:13:19.590Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24996 |
vulnerable | 2026-06-03 14:55:06.213014 |
Details available
CRITICAL (9.8)
A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.
Published: 2024-04-19T01:10:11.852Z
Updated: 2025-03-24T21:08:25.157Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24995 |
vulnerable | 2026-06-03 14:55:06.212601 |
Details available
HIGH (8.8)
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.896Z
Updated: 2025-12-16T18:13:19.399Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24994 |
vulnerable | 2026-06-03 14:55:06.212306 |
Details available
HIGH (8.8)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.856Z
Updated: 2024-08-01T23:36:21.246Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24993 |
vulnerable | 2026-06-03 14:55:06.212006 |
Details available
HIGH (8.8)
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.886Z
Updated: 2024-08-01T23:36:21.233Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24992 |
vulnerable | 2026-06-03 14:55:06.211678 |
Details available
HIGH (8.8)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.959Z
Updated: 2025-01-07T00:40:56.985Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24991 |
under_investigation | 2026-06-03 14:55:06.211364 |
Details available
MEDIUM (6.5)
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
Published: 2024-04-19T01:10:11.872Z
Updated: 2024-08-01T23:36:20.586Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23535 |
vulnerable | 2026-06-03 14:55:04.056439 |
Details available
HIGH (8.8)
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.917Z
Updated: 2025-12-16T18:13:20.561Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23534 |
vulnerable | 2026-06-03 14:55:04.056115 |
Details available
HIGH (8.8)
An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Published: 2024-04-19T01:10:11.834Z
Updated: 2025-12-16T18:13:20.417Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23533 |
vulnerable | 2026-06-03 14:55:04.055793 |
Details available
MEDIUM (4.3)
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.
Published: 2024-04-19T01:10:11.827Z
Updated: 2024-08-01T23:06:25.130Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23532 |
vulnerable | 2026-06-03 14:55:04.055451 |
Details available
HIGH (7.5)
An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.
Published: 2024-04-19T01:10:11.922Z
Updated: 2024-08-01T23:06:25.255Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23531 |
under_investigation | 2026-06-03 14:55:04.055083 |
Details available
HIGH (7.5)
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.
Published: 2024-04-19T01:10:11.825Z
Updated: 2024-08-01T23:06:25.127Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23530 |
vulnerable | 2026-06-03 14:55:04.054734 |
Details available
MEDIUM (5.3)
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
Published: 2024-04-19T01:10:11.824Z
Updated: 2024-08-01T23:06:24.718Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23529 |
vulnerable | 2026-06-03 14:55:04.054371 |
Details available
MEDIUM (5.3)
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
Published: 2024-04-19T01:10:13.141Z
Updated: 2024-08-01T23:06:24.967Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23528 |
vulnerable | 2026-06-03 14:55:04.053977 |
Details available
MEDIUM (5.3)
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
Published: 2024-04-19T01:10:13.138Z
Updated: 2024-08-01T23:06:25.298Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23526 |
vulnerable | 2026-06-03 14:55:04.051697 |
Details available
MEDIUM (5.3)
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
Published: 2024-04-19T01:10:31.066Z
Updated: 2024-08-01T23:06:25.188Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22061 |
vulnerable | 2026-06-03 14:54:59.569107 |
Details available
HIGH (8.1)
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
Published: 2024-04-19T01:10:30.635Z
Updated: 2024-08-01T22:35:34.718Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.