32 matches found
Blockchain Communication Vulnerabilities
Blockchains are diverse in the way they handle communications between their nodes to disseminate information, mitigate attacks, and agree on the next block. While security vulnerabilities have been identified, they rely on an attack custom-made for a specific blockchain communication protocol. To...
EUVD-2018-20510
Malware in sbrugna...
EUVD-2018-20509
Malware in sbrugna...
EUVD-2024-22361
Malicious code in bioql PyPI...
EUVD-2022-39630
Malicious code in bioql PyPI...
EUVD-2023-31837
Malicious code in bioql PyPI...
EUVD-2024-44826
Malicious code in bioql PyPI...
CVE-2023-28126
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message...
CVE-2021-42133
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
CVE-2021-30497
Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...
CVE-2021-42125
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files...
CVE-2021-42127
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service...
CVE-2022-36974
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File...
CVE-2024-47007
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service...
CVE-2024-27976
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
Ivanti Avalanche path traversal vulnerability (CNVD-2025-15477)
Ivanti Avalanche is an enterprise mobile device management MDM solution for managing devices such as smartphones, tablets, and industrial mobile computers to ensure their security, availability, and accessibility. Ivanti Avalanche suffers from a path traversal vulnerability that stems from the...
Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Faces Mojarra component. The issue results from the use of a vulnerable...
Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the lack of proper validation of...
Ivanti Avalanche WLAvalancheService TV_FN Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, which listens on TCP port 1777 by default...
Ivanti Avalanche WLAvalancheService TV_FP Infinite Loop Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService service, which listens on TCP port 1777 by default...