CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52090 – Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52090
10 Jan 2024 — A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52091 – Trend Micro Apex One Anti-Spyware Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52091
10 Jan 2024 — An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52092 – Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52092
10 Jan 2024 — A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52093 – Trend Micro Apex One Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52093
10 Jan 2024 — An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52094 – Trend Micro Apex One Security Agent Updater Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52094
10 Jan 2024 — An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7032 – Schneider Electric Easergy Studio InitializeChannel Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-7032
09 Jan 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric Easergy Studio. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-009-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-009-02.pdf • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21310 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21310
09 Jan 2024 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21310 • CWE-197: Numeric Truncation Error •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6631 – Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element
https://notcve.org/view.php?id=CVE-2023-6631
08 Jan 2024 — PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. • https://subnet.com/contact • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50612
https://notcve.org/view.php?id=CVE-2023-50612
06 Jan 2024 — Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. • https://github.com/yaowenxiao721/CloudExplorer-Lite-v1.4.1-vulnerability-BOPLA • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50027
https://notcve.org/view.php?id=CVE-2023-50027
05 Jan 2024 — SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. • https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •