HNS-2024-06 – HN Security Advisory – Multiple vulnerabilities in Eclipse ThreadX
Posted by Marco Ivaldi on May 29. Hi, please find attached a security advisory that describes multiple vulnerabilities we discovered in Eclipse ThreadX (aka Azure...
Multiple Vulnerabilities in Fortinet FortiSIEM Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Fortinet FortiSIEM which could allow for remote code execution. FortiSIEM is a multi-tenant SIEM that offers real-time infrastructure and...
USN-6799-1: Werkzeug vulnerability
It was discovered that the debugger in Werkzeug was not restricted to trusted hosts. A remote attacker could possibly use this issue to execute code...
USN-6798-1: GStreamer Base Plugins vulnerability
It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue to execute arbitrary code or cause...
USN-6796-1: TPM2 Software Stack vulnerabilities
Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack...
USN-6797-1: Intel Microcode vulnerabilities
It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX...
ZDI-24-517: Progress Software WhatsUp Gold FaviconController Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The...
ZDI-24-518: Progress Software Telerik Reporting ValidateMetadaUri XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. Although authentication is required to exploit this vulnerability,...
ZDI-24-525: A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged...
ZDI-24-524: A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The ZDI...