CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36358 – Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36358
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Un enlace que sigue a una vulnerabilidad en los agentes Trend Micro Deep Security 20.x por debajo de la compilación 20.0.1-3180 podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298151 https://www.zerodayinitiative.com/advisories/ZDI-24-575 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36304 – Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36304
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de tiempo de verificación de tiempo de uso en Trend Micro Apex One y Apex One como agente de servicio podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 https://www.zerodayinitiative.com/advisories/ZDI-24-571 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31334 – PowerVR DevmemXIntMapPages() Mapping Issue
https://notcve.org/view.php?id=CVE-2024-31334
This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios en el kernel sin necesidad de permisos de ejecución adicionales. • https://source.android.com/security/bulletin/2024-07-01 • CWE-269: Improper Privilege Management •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-20075
https://notcve.org/view.php?id=CVE-2024-20075
This could lead to local escalation of privilege with System execution privileges needed. ... Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://corp.mediatek.com/product-security-bulletin/June-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-20074
https://notcve.org/view.php?id=CVE-2024-20074
This could lead to local escalation of privilege with System execution privileges needed. ... Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://corp.mediatek.com/product-security-bulletin/June-2024 • CWE-787: Out-of-bounds Write •