admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-26 22:00:42 +00:00
parent bc259454ba
commit b3895e6d18
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
36 changed files with 1788 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
2023/28xxx/CVE-2023-28929.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28929",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2023",
"version_value": "17.7.1634"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062",
"refsource": "MISC",
"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
]
}

54
2023/30xxx/CVE-2023-30902.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}

5
2023/31xxx/CVE-2023-31130.json
View File

@ -78,6 +78,11 @@
"url": "https://www.debian.org/security/2023/dsa-5419",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5419"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html"
}
]
},

5
2023/32xxx/CVE-2023-32067.json
View File

@ -78,6 +78,11 @@
"url": "https://www.debian.org/security/2023/dsa-5419",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5419"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html"
}
]
},

59
2023/32xxx/CVE-2023-32521.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Moibile Security for Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.8 SP5",
"version_value": "9.8.3294"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
},
{
"url": "https://www.tenable.com/security/research/tra-2023-17",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2023-17"
}
]
}

59
2023/32xxx/CVE-2023-32522.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Moibile Security for Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.8 SP5",
"version_value": "9.8.3294"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
},
{
"url": "https://www.tenable.com/security/research/tra-2023-17",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2023-17"
}
]
}

59
2023/32xxx/CVE-2023-32523.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32524."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Moibile Security for Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.8 SP5",
"version_value": "9.8.3294"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-587/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-587/"
}
]
}

59
2023/32xxx/CVE-2023-32524.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32524",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32523."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Moibile Security for Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.8 SP5",
"version_value": "9.8.3294"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-588/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-588/"
}
]
}

59
2023/32xxx/CVE-2023-32525.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. \r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32526."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Moibile Security for Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.8 SP5",
"version_value": "9.8.3294"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-589/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-589/"
}
]
}

59
2023/32xxx/CVE-2023-32526.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. \r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32525."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Moibile Security for Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.8 SP5",
"version_value": "9.8.3294"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-586/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-586/"
}
]
}

59
2023/32xxx/CVE-2023-32527.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32528."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Moibile Security for Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.8 SP5",
"version_value": "9.8.3294"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-590/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-590/"
}
]
}

59
2023/32xxx/CVE-2023-32528.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32528",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32527."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Moibile Security for Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.8 SP5",
"version_value": "9.8.3294"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-591/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-591/"
}
]
}

59
2023/32xxx/CVE-2023-32529.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32529",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.\r\n\r\nPlease note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32530."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-652/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-652/"
}
]
}

59
2023/32xxx/CVE-2023-32530.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.\r\n\r\nPlease note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32529."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-654/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-654/"
}
]
}

59
2023/32xxx/CVE-2023-32531.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32531",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32532 through 32535."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-724/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-724/"
}
]
}

59
2023/32xxx/CVE-2023-32532.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32532",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32531 through 32535."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-723/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-723/"
}
]
}

59
2023/32xxx/CVE-2023-32533.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32531 through 32535."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-726/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-726/"
}
]
}

59
2023/32xxx/CVE-2023-32534.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32534",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32531 through 32535."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-725/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-725/"
}
]
}

59
2023/32xxx/CVE-2023-32535.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32531 through 32534."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-857/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-857/"
}
]
}

54
2023/32xxx/CVE-2023-32536.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32536",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32537."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
]
}

54
2023/32xxx/CVE-2023-32537.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32536."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
]
}

59
2023/32xxx/CVE-2023-32552.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32552",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.\r\n\r\nThis is similar to, but not identical to CVE-2023-32553"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-655/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-655/"
}
]
}

59
2023/32xxx/CVE-2023-32553.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32553",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.\r\n\r\nThis is similar to, but not identical to CVE-2023-32552."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-653/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-653/"
}
]
}

59
2023/32xxx/CVE-2023-32554.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32554",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32555."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-657/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-657/"
}
]
}

59
2023/32xxx/CVE-2023-32555.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32554."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-656/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-656/"
}
]
}

59
2023/32xxx/CVE-2023-32556.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-651/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-651/"
}
]
}

54
2023/32xxx/CVE-2023-32557.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}

54
2023/32xxx/CVE-2023-32604.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32605."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
]
}

54
2023/32xxx/CVE-2023-32605.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32604."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
]
}

59
2023/34xxx/CVE-2023-34144.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34144",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34145."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12033"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-835/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-835/"
}
]
}

59
2023/34xxx/CVE-2023-34145.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34145",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34144."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12033"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-836/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-836/"
}
]
}

59
2023/34xxx/CVE-2023-34146.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34146",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12033"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-832/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-832/"
}
]
}

59
2023/34xxx/CVE-2023-34147.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34147",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2019",
"version_value": "14.0.0.12033"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"refsource": "MISC",
"name": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-833/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-833/"
}
]
}

76
2023/35xxx/CVE-2023-35164.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-35164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dataease",
"product": {
"product_data": [
{
"product_name": "dataease",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.18.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-grxm-fc3h-3qgj",
"refsource": "MISC",
"name": "https://github.com/dataease/dataease/security/advisories/GHSA-grxm-fc3h-3qgj"
}
]
},
"source": {
"advisory": "GHSA-grxm-fc3h-3qgj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

18
2023/36xxx/CVE-2023-36746.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36746",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/36xxx/CVE-2023-36747.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36747",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}