Summary: Product Trend Micro Mobile Security (Enterprise) 9.8 SP5 Vendor Trend Micro Severity Critical Affected Versions Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Tested Version(s) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (Critical Patch 3) CVE Identifier CVE-2023-32524 CVE Description Improper implementation of the authentication mechanism results in authentication bypass for affected installations of Trend Micro Mobile Security (Enterprise) 9....

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6016 Tested Version(s) Apex Central 2019 Build 6016 CVE Identifier CVE-2023-32529 CVE Description Missing input validation in Apex Central 2019 Build 6016 and below uses user-supplied certificate values to construct a part of a SQL query that is executed in the DeleteCertById() function....

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6016 Tested Version(s) Apex Central 2019 Build 6016 CVE Identifier CVE-2023-32530 CVE Description Missing input validation in Apex Central 2019 Build 6016 and below uses user-supplied certificate values to construct a part of a SQL query that is executed in the AddCert() function....

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6394 Tested Version(s) Apex Central 2019 Build 6394 CVE Identifier CVE-2023-38624 CVE Description Missing input validation in Apex Central 2019 Build 6394 and below uses user-supplied values to perform a server-side request in a function in modTMSL....

Summary: Product Trend Micro Apex Central 2019 Vendor Trend Micro Severity High Affected Versions Apex Central 2019 Build <= 6394 Tested Version(s) Apex Central 2019 Build 6394 CVE Identifier CVE-2023-38625 CVE Description Missing input validation in Apex Central 2019 Build 6394 and below uses user-supplied values to perform a server-side request in a function in modDeepSecurity....

Summary: Product Obsidian Vendor Obsidian Severity High Affected Versions Obsidian < 1.2.8 Tested Versions Obsidian 1.1.16 CVE Identifier CVE-2023-2110 CVE Description Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via “app://local/<absolute-path>”. This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian....

Summary: Product Typora Vendor Typora Severity Medium Affected Versions Typora for Windows/Linux < 1.6.7 Tested Versions Typora for Windows 1.5.12, Typora for Linux 1.5.10 CVE Identifier CVE-2023-2316 CVE Description Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via “typora://app/<absolute-path>”....