ZDI-24-411: (Pwn2Own) Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability | allinfosecnews.com

April 26, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21121.

attacker attackers code cves cvss disclosure exploit high information information disclosure information disclosure vulnerability local memory oracle oracle virtualbox order privileged pwn2own rating sensitive sensitive information system target virtualbox vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-427: Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +17

ZDI-24-426: Adobe Acrobat Reader DC AcroForm Use-After-Free Information Disclosure Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +19

ZDI-24-425: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-424: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-423: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-422: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-421: SonicWALL GMS Virtual Appliance ECMClientAuthenticator Hard-Coded Credential Authentication Bypass Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

attackers authentication authentication bypass bypass +14

ZDI-24-420: SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

attackers authentication can cve +19

ZDI-24-419: (Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability 1 week ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +18

XDR Detection Engineer

@ SentinelOne | Italy

View on infosec-jobs.com

Security Engineer L2

@ NTT DATA | A Coruña, Spain

View on infosec-jobs.com

Cyber Security Assurance Manager

@ Babcock | Portsmouth, GB, PO6 3EN

View on infosec-jobs.com

Senior Threat Intelligence Researcher

@ CloudSEK | Bengaluru, Karnataka, India

View on infosec-jobs.com

Cybersecurity Analyst 1

@ Spry Methods | Washington, DC (Hybrid)

View on infosec-jobs.com

Security Infrastructure DevOps Engineering Manager

@ Apple | Austin, Texas, United States

View on infosec-jobs.com