ZDI-24-1695: Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-37373.

USN-7172-1: libvpx vulnerability

It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a...

December 18, 2024

USN-7176-1: GStreamer Good Plugins vulnerabilities

Antonio Morales discovered that GStreamer Good Plugins incorrectly handled certain malformed media files. An attacker could use these issues to...

December 18, 2024

USN-7175-1: GStreamer Base Plugins vulnerabilities

Antonio Morales discovered that GStreamer Base Plugins incorrectly handled certain malformed media files. An attacker could use these issues to...

December 18, 2024

USN-7174-1: GStreamer vulnerability

Antonio Morales discovered that GStreamer incorrectly handled allocating memory for certain buffers. An attacker could use this issue to cause...

December 18, 2024

USN-7171-1: PHPUnit vulnerability

It was discovered that PHPUnit incorrectly handled web requests if exposed to the internet. An attacker could possibly use this...

December 18, 2024

USN-7168-1: EditorConfig vulnerabilities

It was discovered that EditorConfig improperly managed memory when handling certain inputs, leading to overflows. An attacker could possibly use...

December 18, 2024

New Advances in the Understanding of Prime Numbers

US Government Issues Cloud Security Requirements for Federal Agencies

Phishing Attacks Double in 2024

New Attacks Exploit VSCode Extensions and npm Packages

It’s time to stop calling it “pig butchering”

How to Lose a Fortune with Just One Bad Click

Attacker Distributes DarkGate Using MS Teams Vishing Technique

Nigeria Cracks Down on Cryptocurrency Investment Fraud and Romance Scams

Meta Hit with Massive $263m GDPR Fine

ZDI-24-1695: Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability

USN-7172-1: libvpx vulnerability

USN-7176-1: GStreamer Good Plugins vulnerabilities

USN-7175-1: GStreamer Base Plugins vulnerabilities

USN-7174-1: GStreamer vulnerability

USN-7171-1: PHPUnit vulnerability

USN-7168-1: EditorConfig vulnerabilities