CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38116 – Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38116
Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-23-994 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38108 – Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38108
Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-23-986 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38627 – Trend Micro Apex Central modTXSO Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38627
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central 2019 (inferior a la compilación 6481) podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta es una vulnerabilidad similar, pero no idéntica, a CVE-2023-38626. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1001 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38626 – Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38626
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625. Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central 2019 (inferior a la compilación 6481) podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta es una vulnerabilidad similar, pero no idéntica, a CVE-2023-38625. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1000 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38625 – Trend Micro Apex Central modDeepSecurity Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38625
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38624. Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central 2019 (inferior a la compilación 6481) podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta es una vulnerabilidad similar, pero no idéntica, a CVE-2023-38624. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-999 • CWE-918: Server-Side Request Forgery (SSRF) •