ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.
- ZDI-CAN-23973: IrfanViewon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24012: Appleon May 9, 2024 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Junsung Lee’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23953: VMwareon May 9, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23975: IrfanViewon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23956: VMwareon May 9, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24149: Appleon May 9, 2024 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24011: IrfanViewon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23974: IrfanViewon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23958: VMwareon May 9, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23957: VMwareon May 9, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24145: Trimbleon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23972: IrfanViewon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23971: IrfanViewon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24010: IrfanViewon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23951: VMwareon May 9, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23952: VMwareon May 9, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23969: IrfanViewon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-17700: Trend Microon May 9, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Abdelhamid Naceri’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24144: Trimbleon May 8, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-08, 3 days ago. The vendor is given until 2024-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24146: Trimbleon May 8, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-08, 3 days ago. The vendor is given until 2024-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24090: Adobeon May 8, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-08, 3 days ago. The vendor is given until 2024-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23994: XWiki.orgon May 6, 2024 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘John Kwak of Trend Micro Security Research’ was reported to the affected vendor on: 2024-05-06, 5 days ago. The vendor is given until 2024-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23010: Lenovoon May 6, 2024 at 5:00 am
A CVSS score 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Darrel Huang’ was reported to the affected vendor on: 2024-05-06, 5 days ago. The vendor is given until 2024-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-23983: WinZip Computingon May 3, 2024 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-03, 8 days ago. The vendor is given until 2024-08-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24132: Appleon May 2, 2024 at 5:00 am
A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24127: Appleon May 2, 2024 at 5:00 am
A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24125: Appleon May 2, 2024 at 5:00 am
A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24130: Appleon May 2, 2024 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24133: Appleon May 2, 2024 at 5:00 am
A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24000: Microsofton May 2, 2024 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Simon Zuckerbraun and Peter Girnus (@gothburz) of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.