all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-24-415: (Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability

Add to bookmarks
April 26, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21113.

attacker attackers code cves cvss disclosure exploit high information information disclosure information disclosure vulnerability local memory oracle oracle virtualbox order privileged pwn2own rating sensitive sensitive information system target virtualbox vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-469: Avira Prime Link Following Local Privilege Escalation Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com
attacker attackers avira code +20
ZDI-24-468: Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication code +16
ZDI-24-467: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com
arbitrary code attack attackers attack vectors +21
ZDI-24-466: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +14
ZDI-24-465: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +14
ZDI-24-464: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +14
ZDI-24-463: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +14
ZDI-24-462: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +14
ZDI-24-461: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France
View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom
View on infosec-jobs.com