Advisories, Hacking, News, Threat Research, Vulnerabilities, , , , ,
Cyber Security Advisories

Zero Day Initiative Upcoming Advisories

ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.

  • ZDI-CAN-23973: IrfanView
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24012: Apple
    on May 9, 2024 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Junsung Lee’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23953: VMware
    on May 9, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23975: IrfanView
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23956: VMware
    on May 9, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24149: Apple
    on May 9, 2024 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24011: IrfanView
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23974: IrfanView
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23958: VMware
    on May 9, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23957: VMware
    on May 9, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24145: Trimble
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23972: IrfanView
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23971: IrfanView
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24010: IrfanView
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23951: VMware
    on May 9, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23952: VMware
    on May 9, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23969: IrfanView
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-17700: Trend Micro
    on May 9, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Abdelhamid Naceri’ was reported to the affected vendor on: 2024-05-09, 2 days ago. The vendor is given until 2024-09-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24144: Trimble
    on May 8, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-08, 3 days ago. The vendor is given until 2024-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24146: Trimble
    on May 8, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-08, 3 days ago. The vendor is given until 2024-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24090: Adobe
    on May 8, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-05-08, 3 days ago. The vendor is given until 2024-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23994: XWiki.org
    on May 6, 2024 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘John Kwak of Trend Micro Security Research’ was reported to the affected vendor on: 2024-05-06, 5 days ago. The vendor is given until 2024-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23010: Lenovo
    on May 6, 2024 at 5:00 am

    A CVSS score 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Darrel Huang’ was reported to the affected vendor on: 2024-05-06, 5 days ago. The vendor is given until 2024-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-23983: WinZip Computing
    on May 3, 2024 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-03, 8 days ago. The vendor is given until 2024-08-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24132: Apple
    on May 2, 2024 at 5:00 am

    A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24127: Apple
    on May 2, 2024 at 5:00 am

    A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24125: Apple
    on May 2, 2024 at 5:00 am

    A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24130: Apple
    on May 2, 2024 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24133: Apple
    on May 2, 2024 at 5:00 am

    A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24000: Microsoft
    on May 2, 2024 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Simon Zuckerbraun and Peter Girnus (@gothburz) of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-05-02, 9 days ago. The vendor is given until 2024-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Websitecyber related posts:

The World and the Cyber War Age

A cyber war is when countries want to intentionally damage other countries through cyberinfrastructure.

Hacking Optus A Beginner’s Guide

The cyber attack on Optus was apparently so unsophisticated, some analysts say a primary school student could have pulled it off.

Artificial Intelligence In Schools

ChatGPT artificial intelligence is beating students, generating answers that achieved similar or higher average grade than students in 9 of 32 courses.

The Last Watchdog

The Last Watchdog on Internet security by Byron Acohido

Elaborate AI Voice Cloning Scam

Scottsdale mom describes encounter with elaborate AI voice cloning scam. What came next was terrifying.

Recent T-Mobile Data Breaches

T-Mobile has suffered as many as eight confirmed data breaches in the past five years.

Port Hope Police Cyber Attack

A criminal investigation has been launched into the cyber attack, of the Port Hope Police Service.

Credit Card Skimming Uncovered

Skimming is a type of fraud where thieves use a small device to steal credit or debit card information. They attach these devices to ATMs or other card readers.

Increasing Cyber Threats

The increasing cyber threats and the number of cyberattacks on Ukraine has tripled over the last year as Russians are hacking systems and also missiles.

Tripwire’s State of Security

Tripwire’s State of Security.

Cyber Attack Costs Connecticut

Hackers made off with $6 million that belonged to New Haven Public Schools following a cyber attack on the Chief Operating Officers emails.

Tampa Teen Hacking of Twitter

Graham Clark is now serving a three-year prison sentence for hacking Twitter, dozens of celebrities and stealing tens of thousands of dollars in Bitcoin.
Share Websitecyber