Advisories

A chronological list of vulnerabilities published by STAR Labs researchers, with technical details, affected versions, and disclosure timelines.

Advisory Aug 22, 2023

(CVE-2023-32529) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6016 Tested Version(s) Apex …

ByPoh Jia Hao

Advisory Aug 22, 2023

(CVE-2023-32530) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6016 Tested Version(s) Apex …

ByPoh Jia Hao

Advisory Aug 22, 2023

(CVE-2023-38624) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6394 Tested Version(s) Apex …

ByPoh Jia Hao

Advisory Aug 22, 2023

(CVE-2023-38625) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6394 Tested Version(s) Apex …

ByPoh Jia Hao

Advisory Aug 19, 2023

(CVE-2023-2110) Obsidian Local File Disclosure

Summary: Product Obsidian Vendor Obsidian Severity High Affected Versions Obsidian < 1.2.8 Tested Versions Obsidian 1.1.16 CVE Identifier CVE-2023-2110 CVE …

ByLi Jiantao

Advisory Aug 19, 2023

(CVE-2023-2316) Typora Local File Disclosure

Summary: Product Typora Vendor Typora Severity Medium Affected Versions Typora for Windows/Linux < 1.6.7 Tested Versions Typora for Windows 1.5.12, Typora …

ByLi Jiantao

Advisory Aug 19, 2023

(CVE-2023-2317) Typora DOM-Based Cross-site Scripting leading to Remote Code Execution

Summary: Product Typora Vendor Typora Severity High Affected Versions Typora for Windows/Linux < 1.6.7 Tested Versions Typora for Windows 1.5.12, Typora for …

ByLi Jiantao

Advisory Aug 19, 2023

(CVE-2023-2318) MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution

Summary: Product MarkText Vendor MarkText Severity High Affected Versions MarkText <= 0.17.1 Tested Versions MarkText 0.17.1 CVE Identifier CVE-2023-2318 CVE …

ByLi Jiantao

Advisory Aug 19, 2023

(CVE-2023-2971) Typora Local File Disclosure (Patch Bypass)

Summary: Product Typora Vendor Typora Severity Medium Affected Versions Typora for Windows/Linux < 1.7.0-dev Tested Versions Typora for Windows 1.6.7, Typora …

ByLi Jiantao

Advisory Jul 14, 2023

(CVE-2023-3513) RazerCentralService unsafe deserialization Escalation of Privilege Vulnerability

Summary Product Razer CentralService Vendor Razer Severity High - Adversaries may exploit software vulnerabilities to obtain privilege escalation. Affected …

ByPhan Thanh Duy