CVE-2023-45794
https://notcve.org/view.php?id=CVE-2023-45794
A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. • https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf • CWE-294: Authentication Bypass by Capture-replay •
CVE-2023-44374
https://notcve.org/view.php?id=CVE-2023-44374
With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. ... With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. • https://cert-portal.siemens.com/productcert/html/ssa-180704.html https://cert-portal.siemens.com/productcert/html/ssa-699386.html https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf https://cert-portal.siemens.com/productcert/html/ssa-690517.html • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context •
CVE-2023-6006 – Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-6006
This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de PaperCut NG. ... This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. ... This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.papercut.com/kb/Main/CommonSecurityQuestions https://www.papercut.com/kb/Main/Security-Bulletin-November-2023 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2023-47195 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-47195
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47196. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1615 • CWE-346: Origin Validation Error •
CVE-2023-47198 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-47198
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47199. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1619 • CWE-346: Origin Validation Error •