CVE-2024-55955
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged...
Friday Squid Blogging: Squid on Pizza
Pizza Hut in Taiwan has a history of weird pizzas, including a "2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle." Blog moderation policy...
Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element
Overview: Trend Micro Incorporated has released security updates for Deep Security 20.0 Agent for Windows that contain a fix for an uncontrolled search path element vulnerability (CWE-427, CVE-2024-55955). Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the...
Trend Micro Deep Security Security Vulnerability
Trend Micro Deep Security is a server deep security protection system client from Trend Micro. A security vulnerability exists in Trend Micro Deep Security that stems from the inclusion of a privilege assignment error vulnerability that could allow a local attacker to elevate the privileges of an...
PT-2024-41129 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent affected versions not specified Description: The issue is related to an incorrect link resolution before accessing a file, which can lead to a denial-of-service condition when exploited. Recommendations: At the...
PT-2024-36618 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent versions 20.0.1-9400 through 20.0.1-23340 Description: An incorrect permissions assignment issue could allow a local attacker to escalate privileges on affected installations. To exploit this issue, an attacker...
Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection
Overview: Trend Micro Incorporated has released security updates for Deep Security Agent for Windows and Deep Security Notifier on DSVA for Windows VM to fix an OS command injection vulnerability (CWE-78, CVE-2024-48903). Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notif...
Vulnerability fixed in Trend Micro Deep Security
Trend Micro has fixed a vulnerability in Trend Micro Deep Security. The vulnerability is in the Trend Micro Deep Security 20 Agent and allows malicious actors with legitimate domain access to elevate privileges and potentially execute arbitrary code. Trend Micro has released updates to fix the...
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...
openexr security update
An update is available for openexr. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenEXR is an open-source high-dynamic-range floating-point image file format...
Trend Micro Deep Security Agent Local Privilege Escalation (KA-0016724)
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Note that Nessus has not tested for this issue but has instead relied solely on the application's self-reported version...
Trend Micro Deep Security Security Vulnerability
Trend Micro Deep Security is a server deep security system client from Trend Micro. A security vulnerability exists in versions prior to Trend Micro Deep Security 20.0.1-21510 that stems from the presence of a command injection vulnerability that could allow an attacker to elevate privileges and...
Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Deep Security Agent. Authentication is required to exploit this vulnerability. The specific flaw exists within the Trend Micro Deep Security Notifier service. The issue results from the...
PT-2024-8684 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent version 20 Description: A security agent manual scan command injection issue in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected...
CVE-2021-34753 Cisco Firepower Threat Defense Ethernet Industrial Protocol Policy Bypass Vulnerabilities
A vulnerability in the payload inspection for Ethernet Industrial Protocol ENIP traffic for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability is due to incomplete processing during deep packe...
Medium: nodejs20
Issue Overview: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actor...
Medium: nodejs
Issue Overview: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js...
OpenEXR: Heap Overflow in Scanline Deep Data Parsing
A vulnerability was found in the Academy Software Foundation OpenEXR and requires that a malicious EXR file image is parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanlin...
ALSA-2024:9548 Important: openexr security update
OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package contains the binaries for OpenEXR. Security Fixes:...