CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32555 – Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32555
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-656 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.0EPSS: 0%CPEs: -EXPL: 0CVE-2023-32246 – Linux Kernel ksmbd RCU Callback Race Condition Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32246
An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-33952 – Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects
https://notcve.org/view.php?id=CVE-2023-33952
This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-33952 https://bugzilla.redhat.com/show_bug.cgi?id=2218212 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31572
https://notcve.org/view.php?id=CVE-2023-31572
An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25394 – VideoStream Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-25394
Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours. • https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE https://getvideostream.com https://www.kb.cert.org/vuls/id/757109 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •