ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.
- ZDI-CAN-23670: Progress Softwareon April 24, 2024 at 5:00 am
A CVSS score 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23990: Microsofton April 24, 2024 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23661: Progress Softwareon April 24, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23566: Linuxon April 24, 2024 at 5:00 am
A CVSS score 6.7 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L severity vulnerability discovered by ‘Berk Cem Goksel of SAFA Team, Kuzey Arda Bulut’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24004: Progress Softwareon April 24, 2024 at 5:00 am
A CVSS score 8.4 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23874: Progress Softwareon April 24, 2024 at 5:00 am
A CVSS score 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23659: Progress Softwareon April 24, 2024 at 5:00 am
A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23421: Visteonon April 24, 2024 at 5:00 am
A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23422: Visteonon April 24, 2024 at 5:00 am
A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23525: Ivantion April 24, 2024 at 5:00 am
A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23384: Autelon April 24, 2024 at 5:00 am
A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Midnight Blue / PHP Hooligans’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23513: Dockeron April 24, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Hashim Jawad (@ihack4falafel)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23932: Foxiton April 24, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24006: Rockwell Automationon April 24, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23869: Progress Softwareon April 24, 2024 at 5:00 am
A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23420: Visteonon April 24, 2024 at 5:00 am
A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23880: Progress Softwareon April 24, 2024 at 5:00 am
A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23759: Visteonon April 24, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24003: Progress Softwareon April 24, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23758: Visteonon April 24, 2024 at 5:00 am
A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23663: Progress Softwareon April 24, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24002: Rockwell Automationon April 24, 2024 at 5:00 am
A CVSS score 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23609: Allegraon April 24, 2024 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-24, 1 days ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23925: Delta Electronicson April 17, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23810: Delta Electronicson April 17, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Natnael Samson (@NattiSamson)’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23896: GStreameron April 17, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23809: Delta Electronicson April 17, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Natnael Samson (@NattiSamson)’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23900: Foxiton April 17, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23736: Foxiton April 17, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23926: Delta Electronicson April 17, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.