Zero Day Initiative Upcoming Advisories

The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date, and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.

  • ZDI-CAN-23670: Progress Software
    on April 24, 2024 at 5:00 am

    A CVSS score 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23990: Microsoft
    on April 24, 2024 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23661: Progress Software
    on April 24, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23566: Linux
    on April 24, 2024 at 5:00 am

    A CVSS score 6.7 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L severity vulnerability discovered by ‘Berk Cem Goksel of SAFA Team, Kuzey Arda Bulut’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24004: Progress Software
    on April 24, 2024 at 5:00 am

    A CVSS score 8.4 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23874: Progress Software
    on April 24, 2024 at 5:00 am

    A CVSS score 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23659: Progress Software
    on April 24, 2024 at 5:00 am

    A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23421: Visteon
    on April 24, 2024 at 5:00 am

    A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23422: Visteon
    on April 24, 2024 at 5:00 am

    A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23525: Ivanti
    on April 24, 2024 at 5:00 am

    A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23384: Autel
    on April 24, 2024 at 5:00 am

    A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Midnight Blue / PHP Hooligans’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23513: Docker
    on April 24, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Hashim Jawad (@ihack4falafel)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23932: Foxit
    on April 24, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24006: Rockwell Automation
    on April 24, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23869: Progress Software
    on April 24, 2024 at 5:00 am

    A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23420: Visteon
    on April 24, 2024 at 5:00 am

    A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23880: Progress Software
    on April 24, 2024 at 5:00 am

    A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23759: Visteon
    on April 24, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24003: Progress Software
    on April 24, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23758: Visteon
    on April 24, 2024 at 5:00 am

    A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23663: Progress Software
    on April 24, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24002: Rockwell Automation
    on April 24, 2024 at 5:00 am

    A CVSS score 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23609: Allegra
    on April 24, 2024 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-24, 1 day ago. The vendor is given until 2024-08-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23925: Delta Electronics
    on April 17, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23810: Delta Electronics
    on April 17, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Natnael Samson (@NattiSamson)’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23896: GStreamer
    on April 17, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23809: Delta Electronics
    on April 17, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Natnael Samson (@NattiSamson)’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23900: Foxit
    on April 17, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23736: Foxit
    on April 17, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23926: Delta Electronics
    on April 17, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-04-17, 8 days ago. The vendor is given until 2024-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
