ZDI-24-561: Progress Software Telerik Reporting Register Authentication Bypass Vulnerability | allinfosecnews.com

May 31, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software Telerik Reporting. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-4358.

attackers authentication authentication bypass bypass bypass vulnerability cve cve-2024 cves cvss exploit progress progress software rating register reporting software telerik vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability 1 day, 10 hours ago | www.zerodayinitiative.com

attackers authentication cve cve-2024 +16

ZDI-24-840: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability 5 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +25

ZDI-24-839: (Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability 5 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +21

ZDI-24-838: (Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability 5 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +23

ZDI-24-837: (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability 5 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +24

ZDI-24-836: (Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability 5 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication cameras +16

ZDI-24-835: (Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability 5 days, 10 hours ago | www.zerodayinitiative.com

attackers authentication cameras cvss +11

ZDI-24-834: (Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability 5 days, 10 hours ago | www.zerodayinitiative.com

attacker attackers cameras code +18

ZDI-24-833: (Pwn2Own) Synology BC500 synocam_param.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability 5 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +17

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California

View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel

View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN

View on infosec-jobs.com