ZDI-24-401: Progress Software Telerik Reporting ObjectReader Deserialization of Untrusted Data Remote Code Execution Vulnerability | allinfosecnews.com

April 25, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-1801.

arbitrary code attackers code code execution cvss data deserialization exploit file malicious page progress progress software rating remote code remote code execution reporting software target telerik untrusted vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-469: Avira Prime Link Following Local Privilege Escalation Vulnerability 2 days ago | www.zerodayinitiative.com

attacker attackers avira code +20

ZDI-24-468: Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability 2 days ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +16

ZDI-24-467: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability 2 days ago | www.zerodayinitiative.com

arbitrary code attack attackers attack vectors +21

ZDI-24-466: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-465: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-464: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-463: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 2 days ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-462: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 2 days ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-461: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India

View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190

View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal

View on infosec-jobs.com