CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25146 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25146
24 Feb 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000292209 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25148 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25148
24 Feb 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000292209 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25144 – Trend Micro Apex One Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25144
24 Feb 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000292209 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24575
https://notcve.org/view.php?id=CVE-2023-24575
21 Feb 2023 — Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system • https://www.dell.com/support/kbdoc/en-us/000208396/dsa-2023-043 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32142 – LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp
https://notcve.org/view.php?id=CVE-2021-32142
17 Feb 2023 — Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. • https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32972
https://notcve.org/view.php?id=CVE-2022-32972
17 Feb 2023 — Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. • https://community.infoblox.com/t5/trending-kb-articles/cve-2022-32972-infoblox-bloxone-endpoint-for-windows-local/ba-p/24912 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32163
https://notcve.org/view.php?id=CVE-2021-32163
17 Feb 2023 — Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. • https://github.com/mosn/mosn/issues/1633 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36369 – qatzip: local privilege escalation
https://notcve.org/view.php?id=CVE-2022-36369
16 Feb 2023 — Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. A potential flaw was found in QATzip. This vulnerability may allow escalation of privileges. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-23947 – Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets
https://notcve.org/view.php?id=CVE-2023-23947
16 Feb 2023 — The attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters). • https://github.com/argoproj/argo-cd/commit/fbb0b99b1ac3361b253052bd30259fa43a520945 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-21822 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-21822
14 Feb 2023 — Windows Graphics Component Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21822 • CWE-416: Use After Free •