CVE-2024-3152 – Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3152
An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. • https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc https://huntr.com/bounties/46034fa0-d623-49f8-8ee8-390390181373 • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVE-2024-36305 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36305
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Un enlace de agente de seguridad tras una vulnerabilidad en Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 https://www.zerodayinitiative.com/advisories/ZDI-24-572 •
CVE-2024-36303 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36303
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36302. Una vulnerabilidad de validación de origen en el agente de seguridad Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 https://www.zerodayinitiative.com/advisories/ZDI-24-570 •
CVE-2024-36358 – Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36358
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Un enlace que sigue a una vulnerabilidad en los agentes Trend Micro Deep Security 20.x por debajo de la compilación 20.0.1-3180 podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298151 https://www.zerodayinitiative.com/advisories/ZDI-24-575 •
CVE-2024-32849 – Trend Micro Maximum Security coreServiceShell Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-32849
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. Trend Micro Security 17.x (Consumidor) es afectado por una vulnerabilidad de escalada de privilegios que podría permitir a un atacante local eliminar involuntariamente archivos privilegiados de Trend Micro, incluido el suyo propio. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-19175 https://www.zerodayinitiative.com/advisories/ZDI-24-576 • CWE-269: Improper Privilege Management •