
CVSS: 7.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Jun 2023 — Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-73: External Control of File Name or Path • CWE-284: Improper Access Control •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Jun 2023 — A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. • https://support.hp.com/us-en/document/c06541912 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

08 Jun 2023 — An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Mi... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-426: Untrusted Search Path •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

08 Jun 2023 — An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Mi... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-426: Untrusted Search Path •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

08 Jun 2023 — An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. This vulnerabilit... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-269: Improper Privilege Management • CWE-863: Incorrect Authorization •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

08 Jun 2023 — An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. This vulnerabilit... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-269: Improper Privilege Management • CWE-863: Incorrect Authorization •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

08 Jun 2023 — An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. This vulnerabilit... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-269: Improper Privilege Management • CWE-863: Incorrect Authorization •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Jun 2023 — VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. • https://security.netapp.com/advisory/ntap-20221223-0009 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 10.0 • EPSS: 39% • CPEs: 11 • EXPL: 4

05 Jun 2023 — Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corru... • https://packetstorm.news/files/id/176211 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

05 Jun 2023 — A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file. • https://github.com/tsingsee/EasyPlayerPro-Win/blob/master/Src/C%2B%2B/EasyPlayerPro/xmlConfig.h • CWE-787: Out-of-bounds Write •