CVE-2023-52337
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileg...
CVE-2023-52337
CVE-2023-52337 describes an improper access control vulnerability in Trend Micro Deep Security 20.0 and in Trend Micro Cloud One – Endpoint and Workload Security Agent. The flaw arises from insufficient access controls in the Anti-Malware Solution Platform, enabling a local attacker who can execu...
Trend Micro Deep Security Security Vulnerabilities
Trend Micro Deep Security is a server deep security system client from Trend Micro. A security vulnerability exists in Trend Micro Deep Security version 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent that stems from an improper access control vulnerability. It could allow a...
Trend Micro Deep Security Security Vulnerabilities
Trend Micro Deep Security is a server deep security system client from Trend Micro. A security vulnerability exists in Trend Micro Deep Security version 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. It could allow a local attacker to elevate privileges on an affected...
Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend...
Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Vulnerabilities fixed in Trend Micro Deep Security
Trend Micro has fixed vulnerabilities in Deep Security. A local malicious person can exploit the vulnerabilities to grant themselves elevated privileges and thus potentially execute arbitrary code with elevated privileges. Depending on the implementation this may include th...
Malicious code in deep-search-exports-directory (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05115bc38d2b7d646eb62c3541059ec47a535e35fad54010bcc53578fe1c7099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-41 Malicious code in deep-search-exports-directory (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05115bc38d2b7d646eb62c3541059ec47a535e35fad54010bcc53578fe1c7099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-21625
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...
Remote code execution
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...
CVE-2024-21625 One-click remote code execution via malicious deep link
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...
CVE-2024-21625
CVE-2024-21625 affects SideQuest desktop (pre-0.10.35). The vulnerability stems from improper sanitization of deep link URLs (sidequest://) in the Electron app, allowing a one-click remote code execution when a device is connected and a user clicks a malicious link from within the app. As of vers...
SideQuest Input Validation Error Vulnerability
SideQuest is an open source game store application from SideQuest. An input validation error vulnerability exists in versions of SideQuest prior to 0.10.35, which stems from a vulnerability that allows an attacker to remotely execute code with one click via a malicious deep link...
PT-2024-18977 · Sidequest · Sidequest
Name of the Vulnerable Software and Affected Versions: SideQuest versions prior to 0.10.35 Description: The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Due to improper sanitization of deep link URLs...
Mattermost Path Traversal Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost 2.10.0 and earlier versions, which stems from an inability to clean up deep link paths, allowing an attacker to perform a cross-site request forgery (CSRF)...
Prototype Pollution
Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution through the zipObjectDeep function due to improper user input sanitization in the baseZipObject function. PoC...
OESA-2023-1971 jackson-databind security update
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. Security Fixes: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of servic...