CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47200 – Trend Micro Apex One CNTAoSMgr Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-47200
14 Nov 2023 — A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. ... Una vulnerabilidad de validación del origen del administrador de complementos en el agente de seguridad Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47196 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-47196
14 Nov 2023 — An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. ... Una vulnerabilidad de validación de origen en el agente de seguridad Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro ... • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28134 – Local Privliege Escalation in Check Point Endpoint Security Remediation Service
https://notcve.org/view.php?id=CVE-2023-28134
12 Nov 2023 — Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. ... Un atacante local puede aumentar los privilegios en las instalaciones afectadas de Check Point Harmony Endpoint/ZoneAlarm Extreme Security. ... This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. ... An attacker can leverage this vulnerab... • https://support.checkpoint.com/results/sk/sk181597 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39198 – Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()
https://notcve.org/view.php?id=CVE-2023-39198
09 Nov 2023 — This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. ... This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. ... A local attacker could possibl... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3282 – Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
https://notcve.org/view.php?id=CVE-2023-3282
08 Nov 2023 — A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. Una vulnerabilidad de escalada de privilegios local (PE) en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un sistema operativo Linux permite a un atacante local ejecutar programas con ... • https://security.paloaltonetworks.com/CVE-2023-3282 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5760 – Time-of-check to time-of-use (TOCTOU) bug leads to full local privilege escalation.
https://notcve.org/view.php?id=CVE-2023-5760
08 Nov 2023 — This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8. ... Este error de TOCTOU conduce a una vulnerabilidad de escritura fuera de los límites que puede explotarse aún más, permitiendo a un atacante obtener una escalada de privilegios local completa en el sistema. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33480
https://notcve.org/view.php?id=CVE-2023-33480
07 Nov 2023 — RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. • https://github.com/remoteclinic/RemoteClinic/issues/24 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4996 – Local privilege escalation
https://notcve.org/view.php?id=CVE-2023-4996
06 Nov 2023 — Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. Netskope fue informado de una vulnerabil... • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003 • CWE-281: Improper Preservation of Permissions •
CVSS: 8.4EPSS: 0%CPEs: 68EXPL: 0CVE-2023-32840
https://notcve.org/view.php?id=CVE-2023-32840
06 Nov 2023 — This could lead to local escalation of privilege with System execution privileges needed. ... Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2023-32839
https://notcve.org/view.php?id=CVE-2023-32839
06 Nov 2023 — This could lead to local escalation of privilege with System execution privileges needed. ... Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-787: Out-of-bounds Write •