Search Results | AttackerKB

Show filters

Topics 119 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

119 Total Results

Displaying 11-20 of 119

Attacker Value

Unknown

CVE-2024-50317

Disclosure Date: November 12, 2024 (last updated November 19, 2024)

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-47011

Disclosure Date: October 08, 2024 (last updated October 17, 2024)

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-47010

Disclosure Date: October 08, 2024 (last updated October 17, 2024)

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-47009

Disclosure Date: October 08, 2024 (last updated October 17, 2024)

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-47008

Disclosure Date: October 08, 2024 (last updated October 17, 2024)

Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-47007

Disclosure Date: October 08, 2024 (last updated October 17, 2024)

A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-38653

Disclosure Date: August 14, 2024 (last updated August 16, 2024)

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-38652

Disclosure Date: August 14, 2024 (last updated August 16, 2024)

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-37399

Disclosure Date: August 14, 2024 (last updated August 16, 2024)

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-37373

Disclosure Date: August 14, 2024 (last updated August 16, 2024)

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.

Attack Vector: Network Privileges: High User Interaction: None

0