This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-55632.
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52050.
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-55631.
A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-01-08, 0 days ago. The vendor is given until 2025-05-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to an integer overflow. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-20308)
It was discovered that HTMLDOC incorrectly handled memory in pspdf_export,
which could lead to a double-free. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23158)
It was discovered that HTMLDOC incorrectly handled memory when loading a
JPEG image, which could lead to a NULL pointer dereference. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-23191, CVE-2021-26948)
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to a stack buffer overflow. An attacker could potentially use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23206, CVE-2021-40985, CVE-2021-43579)
It was discovered that HTMLDOC incorrectly handled memory in
pdpdf_prepare_page and render_table_row, which could lead to a heap buffer
overflow. An attacker could potentially use this issue to cause a denial
of service or execute arbitrary code. (CVE-2021-26252, CVE-2021-26259)
It was discovered that HTMLDOC incorrectly handled memory in
parse_paragraph, which could lead to a heap buffer overflow. An attacker
could potentially use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-34119)
It was discovered that HTMLDOC incorrectly handled memory in parse_tree.
An attacker could potentially use this issue to leak sensitive
information. (CVE-2021-34121)
It was discovered that FFmpeg incorrectly handled certain input, which
could lead to an integer overflow. An attacker could possibly use this
issue to cause a denial of service by crashing the application.
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or privilege escalation.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Media drivers;
– Network drivers;
– SMB network file system;
– Bluetooth subsystem;
– Amateur Radio drivers;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-43904, CVE-2024-35963, CVE-2024-35967, CVE-2024-40973,
CVE-2024-26822, CVE-2024-35965, CVE-2024-40910, CVE-2024-38553,
CVE-2024-53057, CVE-2024-50264, CVE-2024-35966)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Ext4 file system;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-49967, CVE-2024-53057, CVE-2024-50264)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Ext4 file system;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-50264, CVE-2024-49967, CVE-2024-53057)
