ZDI-24-060: Ivanti Avalanche WLAvalancheService TV_NL Null Pointer Dereference Denial-of-Service Vulnerability | allinfosecnews.com

Jan. 11, 2024, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2023-46260.

attackers authentication avalanche cve cves cvss exploit ivanti ivanti avalanche rating service vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-454: SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

access access rights attackers authentication +18

ZDI-24-456: NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-455: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

access access rights arbitrary code attackers +20

ZDI-24-450: (0Day) D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability 3 days, 1 hour ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +14

ZDI-24-449: (0Day) D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability 3 days, 1 hour ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +14

ZDI-24-448: (0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability 3 days, 1 hour ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +16

ZDI-24-447: (0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability 3 days, 1 hour ago | www.zerodayinitiative.com

0day attackers authentication authentication bypass +12

ZDI-24-446: (0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability 3 days, 1 hour ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +17

ZDI-24-445: (0Day) D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability 3 days, 1 hour ago | www.zerodayinitiative.com

0day attackers authentication cgi +13

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior Product Delivery Associate - Cybersecurity | CyberOps

@ JPMorgan Chase & Co. | NY, United States

View on infosec-jobs.com

Security Ops Infrastructure Engineer (Remote US):

@ RingCentral | Remote, USA

View on infosec-jobs.com

SOC Analyst-1

@ NTT DATA | Bengaluru, India

View on infosec-jobs.com