This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-52338.
Daily Archives: January 19, 2024
ZDI-24-077: Trend Micro Apex Central Unrestricted File Upload Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2023-52324.
ZDI-24-078: Trend Micro Mobile Security for Enterprises DevicesManagementEditNotePopupTip Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the victim’s privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2023-41176.
ZDI-24-079: Trend Micro Mobile Security for Enterprises ServerUpdate_UpdateSuccessful Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the victim’s privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2023-41177.
ZDI-24-080: Trend Micro Mobile Security for Enterprises vpplist_assign_list Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the victim’s privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2023-41178.
ansible-core-2.14.11-2.fc38
FEDORA-2024-cfa5a5cbac
Packages in this update:
ansible-core-2.14.11-2.fc38
Update description:
Mitigate CVE-2024-0690
ansible-core-2.16.2-2.fc39
FEDORA-2024-0d894565a0
Packages in this update:
ansible-core-2.16.2-2.fc39
Update description:
Mitigate CVE-2024-0690