Lucene search
K

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2024/02/09 12:0 a.m.•35 views

Allegra uploadSimpleFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uploadSimpleFile method. The iss...

7.2CVSS7.8AI score0.0179EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/09 12:0 a.m.•23 views

Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. Th...

7.5CVSS6.5AI score0.01904EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/09 12:0 a.m.•15 views

Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadExportedChart action. The issue results from the lack of proper validation of a...

9.8CVSS7.1AI score0.02398EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/09 12:0 a.m.•19 views

Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specif...

9.8CVSS7.9AI score0.01259EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/09 12:0 a.m.•30 views

X.Org Server DisableDevice Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DisableDevice...

7.8CVSS7.5AI score0.0142EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/09 12:0 a.m.•26 views

X.Org Server XISendDeviceHierarchyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.5AI score0.0142EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/09 12:0 a.m.•17 views

X.Org Server DeliverStateNotifyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.5AI score0.01229EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/09 12:0 a.m.•30 views

X.Org Server XIQueryPointer Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ProcXIQueryPointer...

7.8CVSS7.5AI score0.02106EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/09 12:0 a.m.•26 views

X.Org Server DeviceFocusEvent Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

7.8CVSS7.5AI score0.02106EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/08 12:0 a.m.•26 views

Wazuh Log Collector Integer Underflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. Log Injection is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of the multilines log format. Th...

7.4CVSS7.6AI score0.00236EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/08 12:0 a.m.•17 views

Schneider Electric Easergy Studio InitializeChannel Deserialization of Untrusted Data Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric Easergy Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

7.8CVSS7.6AI score0.00487EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•40 views

(Pwn2Own) Canon imageCLASS MF753Cdw CADM setResource Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper...

8.8CVSS7.5AI score0.01383EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•33 views

(Pwn2Own) Canon imageCLASS MF753Cdw rls-login Authorization Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the Authorization header provided to the...

8.8CVSS7.5AI score0.01457EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•27 views

(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK server. The issue results from the lack...

6.3CVSS7.2AI score0.00241EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•45 views

(Pwn2Own) Canon imageCLASS MF753Cdw CADM rmSetFileName Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper...

8.8CVSS7.5AI score0.01383EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•38 views

(Pwn2Own) Canon imageCLASS MF753Cdw SLP service-url Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the service-url parameter provided to the...

8.8CVSS7.5AI score0.01383EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•22 views

Canon imageCLASS MF753Cdw Fax Job Heap-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of fax jobs. The issue results from the lack o...

8.8CVSS7.5AI score0.01383EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•29 views

(Pwn2Own) Canon imageCLASS MF753Cdw rls-login Authorization Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the Authorization header provided to the...

8.8CVSS7.5AI score0.01457EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•21 views

(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK server. The issue results from...

5.3CVSS6.9AI score0.00822EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•25 views

Oracle Product Lifecycle Management ExportServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Product Lifecycle Management. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExportServlet. The issue results from the lack of proper validation ...

8.8CVSS7.4AI score0.03405EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/06 12:0 a.m.•41 views

(Pwn2Own) Canon imageCLASS MF753Cdw Probe message Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of Probe messages. The issue results from the...

8.8CVSS7.5AI score0.01383EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/05 12:0 a.m.•39 views

(Pwn2Own) TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options. The issue results from the lack of...

7.5CVSS7.5AI score0.00912EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/02/05 12:0 a.m.•62 views

TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The specific issue exists within the handling of the name field in the access control user interface. The issu...

6.8CVSS7.6AI score0.00973EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/01/31 12:0 a.m.•16 views

(Pwn2Own) Lexmark CX331adwe PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validatio...

7.5CVSS7.8AI score0.00773EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/31 12:0 a.m.•24 views

(Pwn2Own) Lexmark CX331adwe make42charstring Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the make42charstring method. The issue results from the lack of...

8.8CVSS7.5AI score0.00772EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/31 12:0 a.m.•30 views

(Pwn2Own) Lexmark CX331adwe Missing Authentication Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of authentication within the web interface. The...

8.8CVSS7.8AI score0.00976EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/31 12:0 a.m.•30 views

(Pwn2Own) Lexmark CX331adwe PostScript File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. The issue results from the lack of...

8.8CVSS7.6AI score0.00773EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/19 12:0 a.m.•23 views

Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.4AI score0.00242EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/19 12:0 a.m.•26 views

Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend...

7.8CVSS7.5AI score0.0031EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/19 12:0 a.m.•13 views

Trend Micro Mobile Security for Enterprises ServerUpdate_UpdateSuccessful Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...

6.3CVSS7.2AI score0.00507EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/19 12:0 a.m.•14 views

Trend Micro Mobile Security for Enterprises DevicesManagementEditNotePopupTip Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...

6.3CVSS7.2AI score0.01798EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/19 12:0 a.m.•14 views

Trend Micro Mobile Security for Enterprises vpplist_assign_list Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...

6.3CVSS7.2AI score0.01798EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/19 12:0 a.m.•29 views

Trend Micro Apex Central Unrestricted File Upload Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of uploaded ZIP files. The issue results from the lack of proper...

6.5CVSS7.4AI score0.04172EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/18 12:0 a.m.•13 views

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.1CVSS7.5AI score0.00936EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/16 12:0 a.m.•23 views

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.1CVSS7.5AI score0.02475EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/16 12:0 a.m.•24 views

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.1CVSS7.5AI score0.02475EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/16 12:0 a.m.•17 views

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.1CVSS7.5AI score0.02475EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/15 12:0 a.m.•50 views

Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the w...

8.8CVSS7.2AI score0.01748EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/15 12:0 a.m.•48 views

Synology RT6600ax Qualcomm LDB Service Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Qualcomm LDB service. The issue results from the lack of proper...

7.5CVSS7.5AI score0.00663EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•29 views

D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•22 views

D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01023EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•22 views

D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•17 views

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

9.8CVSS7.4AI score0.06782EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•33 views

D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the u...

6.3CVSS7AI score0.03871EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•24 views

Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability

This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecureFilter class. The issue results from improper handling of the...

7.3CVSS7.1AI score0.0345EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•23 views

D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server,...

8.8CVSS7.5AI score0.01315EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•23 views

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

9.8CVSS7.4AI score0.06782EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•26 views

D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8CVSS7.6AI score0.01707EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•11 views

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

9.8CVSS7.4AI score0.06782EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•18 views

Ivanti Avalanche WLAvalancheService TV_NL Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from dereferencing a null...

7.5CVSS6.7AI score0.09837EPSS
Exploits0References1
Total number of security vulnerabilities16763