
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 Jun 2023 — A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-276: Incorrect Default Permissions

CVSS: 7.8 • EPSS: 0% • CPEs: 15 • EXPL: 0

26 Jun 2023 — Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. • https://helpcenter.trendmicro.com/en-us/article/tmka-19062 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 34 • EXPL: 0

23 Jun 2023 — NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.223.02 are affected. • https://nvidia.custhelp.com/app/answers/detail/a_id/5468 • CWE-822: Untrusted Pointer Dereference

CVSS: 7.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Jun 2023 — Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation. • https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-1386: Insecure Operation on Windows Junction / Mount Point

CVSS: 7.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

23 Jun 2023 — Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder, leading to permanent Denial of Service (DoS). • https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-1386: Insecure Operation on Windows Junction / Mount Point

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

22 Jun 2023 — Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on the victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from a browser. This vulnerability has been fixed in versions 0.8.2 and 0.9.3. • https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.2 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 Jun 2023 — IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256117

CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Jun 2023 — IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251767 • CWE-266: Incorrect Privilege Assignment

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

19 Jun 2023 — A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=1810793

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

19 Jun 2023 — A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on an SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunder... • https://bugzilla.mozilla.org/show_bug.cgi?id=1806394