CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-33240
https://notcve.org/view.php?id=CVE-2023-33240
Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. • https://www.foxit.com/support/security-bulletins.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4418
https://notcve.org/view.php?id=CVE-2022-4418
Local privilege escalation due to unrestricted loading of unsigned libraries. • https://security-advisory.acronis.com/advisories/SEC-4729 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45452
https://notcve.org/view.php?id=CVE-2022-45452
Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-3967 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2860 – Out-of-bounds read when setting hmac data
https://notcve.org/view.php?id=CVE-2023-2860
An attacker can leverage this in conjunction with other vulnerabilties to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/security/cve/CVE-2023-2860 https://bugzilla.redhat.com/show_bug.cgi?id=2218122 https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32554 – Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32554
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-657 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •