Read Time:10 Second
It was discovered that Tinyproxy did not properly manage memory during the
parsing of HTTP connection headers. An attacker could use this issue to
cause a DoS or possibly execute arbitrary code.
Daily Archives: January 8, 2025
ZDI-25-001: Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
Read Time:18 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-55631.
ZDI-25-002: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
Read Time:18 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52050.
ZDI-25-003: Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
Read Time:18 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-55632.
ZDI-25-004: Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
Read Time:18 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-55917.
ZDI-25-005: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
Read Time:18 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52048.
ZDI-25-006: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
Read Time:18 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52049.
ZDI-25-007: Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-52047.
ZDI-25-008: Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability
Read Time:21 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Subsequent user interaction on the part of an administrator is additionally required. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are assigned: CVE-2024-55955.
USN-7189-1: HTMLDOC vulnerabilities
Read Time:1 Minute, 23 Second
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to an integer overflow. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-20308)
It was discovered that HTMLDOC incorrectly handled memory in pspdf_export,
which could lead to a double-free. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23158)
It was discovered that HTMLDOC incorrectly handled memory when loading a
JPEG image, which could lead to a NULL pointer dereference. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-23191, CVE-2021-26948)
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to a stack buffer overflow. An attacker could potentially use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23206, CVE-2021-40985, CVE-2021-43579)
It was discovered that HTMLDOC incorrectly handled memory in
pdpdf_prepare_page and render_table_row, which could lead to a heap buffer
overflow. An attacker could potentially use this issue to cause a denial
of service or execute arbitrary code. (CVE-2021-26252, CVE-2021-26259)
It was discovered that HTMLDOC incorrectly handled memory in
parse_paragraph, which could lead to a heap buffer overflow. An attacker
could potentially use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-34119)
It was discovered that HTMLDOC incorrectly handled memory in parse_tree.
An attacker could potentially use this issue to leak sensitive
information. (CVE-2021-34121)