{"vulnerability": "CVE-2023-3255", "sightings": [{"uuid": "30a6bcc4-b31d-4778-b165-f1a09a2c5e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32558", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "fe8cc6bc-9039-4f5d-9392-129e2256b0b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32559", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "0982fe95-8074-40c6-918e-1ba53e6dfdb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32550", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/522", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32550\n\ud83d\udd39 Description: Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.\n\ud83d\udccf Published: 2023-06-06T15:07:42.162Z\n\ud83d\udccf Modified: 2025-01-07T18:01:11.352Z\n\ud83d\udd17 References:\n1. https://bugs.launchpad.net/landscape/+bug/1929037", "creation_timestamp": "2025-01-07T18:40:00.000000Z"}, {"uuid": "a53064d1-8b4d-472f-b1d9-d9e5ffebb361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32551", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/524", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32551\n\ud83d\udd39 Description: Landscape allowed URLs which caused open redirection.\n\ud83d\udccf Published: 2023-06-06T15:07:49.329Z\n\ud83d\udccf Modified: 2025-01-07T17:58:25.779Z\n\ud83d\udd17 References:\n1. https://bugs.launchpad.net/landscape/+bug/1929620", "creation_timestamp": "2025-01-07T18:40:17.000000Z"}, {"uuid": "ce0aea3c-8ad6-4b4f-8b37-66b8edda1248", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3255", "type": "seen", "source": "https://t.me/cibsecurity/70401", "content": "\u203c CVE-2023-3255 \u203c\n\nA flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T20:23:49.000000Z"}, {"uuid": "2be1b0d5-aef4-45c5-a1d3-9f726f3a9489", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32559", "type": "seen", "source": "https://t.me/cibsecurity/69107", "content": "\u203c CVE-2023-32559 \u203c\n\nA privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-24T07:12:58.000000Z"}, {"uuid": "7fa76c17-2cae-4a56-b00d-ced2029f0d1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32552", "type": "seen", "source": "https://t.me/cibsecurity/65548", "content": "\u203c CVE-2023-32553 \u203c\n\nAn Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.This is similar to, but not identical to CVE-2023-32552.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T02:24:56.000000Z"}, {"uuid": "b24ccdf9-d448-46db-a615-0cfe4d0eef48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32553", "type": "seen", "source": "https://t.me/cibsecurity/65545", "content": "\u203c CVE-2023-32552 \u203c\n\nAn Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.This is similar to, but not identical to CVE-2023-32553\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T02:24:53.000000Z"}, {"uuid": "56929b6a-b945-4fc7-8f67-ac0562ec68da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32557", "type": "seen", "source": "https://t.me/cibsecurity/65542", "content": "\u203c CVE-2023-32557 \u203c\n\nA path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T02:22:00.000000Z"}, {"uuid": "2eda3196-8338-4f4e-a29a-b1d3f84e21c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32556", "type": "seen", "source": "https://t.me/cibsecurity/65540", "content": "\u203c CVE-2023-32556 \u203c\n\nA link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T02:21:58.000000Z"}, {"uuid": "cf79806f-e423-4b55-a332-c3338b21e274", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32553", "type": "seen", "source": "https://t.me/cibsecurity/65548", "content": "\u203c CVE-2023-32553 \u203c\n\nAn Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.This is similar to, but not identical to CVE-2023-32552.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T02:24:56.000000Z"}, {"uuid": "2458b810-618a-4528-a869-0d9b84fcc85f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32554", "type": "seen", "source": "https://t.me/cibsecurity/65547", "content": "\u203c CVE-2023-32555 \u203c\n\nA Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32554.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T02:24:55.000000Z"}, {"uuid": "55087bac-0b27-42ea-81f2-31b9a1d02012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32555", "type": "seen", "source": "https://t.me/cibsecurity/65547", "content": "\u203c CVE-2023-32555 \u203c\n\nA Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32554.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T02:24:55.000000Z"}, {"uuid": "24e5c249-f190-4fc0-b2a9-1fe049c520b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32552", "type": "seen", "source": "https://t.me/cibsecurity/65545", "content": "\u203c CVE-2023-32552 \u203c\n\nAn Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.This is similar to, but not identical to CVE-2023-32553\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T02:24:53.000000Z"}]}