CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29444 – Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
https://notcve.org/view.php?id=CVE-2023-29444
10 Jan 2024 — An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52091 – Trend Micro Apex One Anti-Spyware Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52091
10 Jan 2024 — An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. ... Una vulnerabilidad de link following a un motor anti-spyware en Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex On... • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52092 – Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52092
10 Jan 2024 — A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. ... Una vulnerabilidad de link following del agente de seguridad en Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Secu... • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52093 – Trend Micro Apex One Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52093
10 Jan 2024 — An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. ... Una vulnerabilidad de función peligrosa expuesta en el agente Trend Micro Apex One podría permitir que un atacante local escale privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex O... • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52094 – Trend Micro Apex One Security Agent Updater Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52094
10 Jan 2024 — An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. ... Una vulnerabilidad de updater link following en el agente Trend Micro Apex One podría permitir que un atacante local abuse del actualizador para eliminar una carpeta arbitraria, lo que provocaría una escalada de privilegios locales en las instalacion... • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52090 – Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52090
10 Jan 2024 — A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. ... Una vulnerabilidad de link following del agente de seguridad en Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Secu... • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7032 – Schneider Electric Easergy Studio InitializeChannel Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-7032
09 Jan 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric Easergy Studio. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-009-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-009-02.pdf • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21310 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21310
09 Jan 2024 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21310 • CWE-197: Numeric Truncation Error •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6631 – Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element
https://notcve.org/view.php?id=CVE-2023-6631
08 Jan 2024 — PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. Las versiones 2020 Update 16 y anteriores de PowerSYSTEM Center contienen una vulnerabilidad que puede permitir que un usuario local autorizado inserte código arbitrario en la ruta del servicio sin comillas y escale privilegios. • https://subnet.com/contact • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50612
https://notcve.org/view.php?id=CVE-2023-50612
06 Jan 2024 — Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. • https://github.com/yaowenxiao721/CloudExplorer-Lite-v1.4.1-vulnerability-BOPLA • CWE-276: Incorrect Default Permissions •