all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-24-387: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability

Add to bookmarks
April 23, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-24997.

arbitrary code attackers authentication avalanche code code execution cve cve-2024 cves cvss directory directory traversal exploit ivanti ivanti avalanche rating remote code remote code execution vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-419: (Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability 5 days, 21 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +18
ZDI-24-418: (Pwn2Own) Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability 5 days, 21 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +18
ZDI-24-417: Xiaomi Pro 13 isUrlMatchLevel Permissive List of Allowed Inputs Remote Code Execution Vulnerability 5 days, 21 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-416: Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability 1 week ago | www.zerodayinitiative.com
arbitrary code attackers centreon code +12
ZDI-24-407: X.Org Server ProcRenderAddGlyphs Use-After-Free Local Privilege Escalation Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
attacker attackers code cve +23
ZDI-24-406: Adobe After Effects AEP File Parsing Use-After-Free Remote Code Execution Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
adobe adobe after effects aep after effects +18
ZDI-24-405: Lexmark CX331adwe IPP Server Authorization HTTP Header Heap-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
arbitrary code attackers authentication authorization +20
ZDI-24-415: (Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
attacker attackers code cves +22
ZDI-24-414: (Pwn2Own) Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
attacker attackers code controller +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Director, Cyber Risk

@ Kroll | South Africa
View on infosec-jobs.com

Security Engineer, XRM

@ Meta | New York City
View on infosec-jobs.com

Security Analyst 3

@ Oracle | Romania
View on infosec-jobs.com

Internship - Cyber Security Operations

@ SES | Betzdorf, LU
View on infosec-jobs.com

Principal Product Manager (Network/Security Management) - NetSec

@ Palo Alto Networks | Bengaluru, India
View on infosec-jobs.com

IT Security Engineer

@ Timocom GmbH | Erkrath, Germany
View on infosec-jobs.com
View more jobs