all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-24-061: Ivanti Avalanche WLAvalancheService TV_FC Stack-based Buffer Overflow Remote Code Execution Vulnerability

Add to bookmarks
Jan. 11, 2024, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2023-46259.

arbitrary code attackers authentication avalanche buffer buffer overflow code code execution cve cves cvss exploit ivanti ivanti avalanche overflow rating remote code remote code execution stack vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-427: Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 10 hours ago | www.zerodayinitiative.com
acrobat acrobat reader adobe adobe acrobat +17
ZDI-24-426: Adobe Acrobat Reader DC AcroForm Use-After-Free Information Disclosure Vulnerability 1 day, 10 hours ago | www.zerodayinitiative.com
acrobat acrobat reader adobe adobe acrobat +19
ZDI-24-425: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 1 day, 10 hours ago | www.zerodayinitiative.com
acrobat acrobat reader adobe adobe acrobat +18
ZDI-24-424: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 1 day, 10 hours ago | www.zerodayinitiative.com
acrobat acrobat reader adobe adobe acrobat +18
ZDI-24-423: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 1 day, 10 hours ago | www.zerodayinitiative.com
acrobat acrobat reader adobe adobe acrobat +18
ZDI-24-422: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability 1 day, 10 hours ago | www.zerodayinitiative.com
acrobat acrobat reader adobe adobe acrobat +18
ZDI-24-421: SonicWALL GMS Virtual Appliance ECMClientAuthenticator Hard-Coded Credential Authentication Bypass Vulnerability 1 day, 10 hours ago | www.zerodayinitiative.com
attackers authentication authentication bypass bypass +14
ZDI-24-420: SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability 1 day, 10 hours ago | www.zerodayinitiative.com
attackers authentication can cve +19
ZDI-24-419: (Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability 1 week ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

XDR Detection Engineer

@ SentinelOne | Italy
View on infosec-jobs.com

Security Engineer L2

@ NTT DATA | A Coruña, Spain
View on infosec-jobs.com

Cyber Security Assurance Manager

@ Babcock | Portsmouth, GB, PO6 3EN
View on infosec-jobs.com

Senior Threat Intelligence Researcher

@ CloudSEK | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cybersecurity Analyst 1

@ Spry Methods | Washington, DC (Hybrid)
View on infosec-jobs.com

Security Infrastructure DevOps Engineering Manager

@ Apple | Austin, Texas, United States
View on infosec-jobs.com
View more jobs