CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2023-24032
https://notcve.org/view.php?id=CVE-2023-24032
15 Jun 2023 — In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE). En Zimbra Collaboration Suite a través de las versiones 9.0 y 8.8.15, un atacante (que tiene acceso de usuario inicial a una instancia de servidor Zimbra) puede ejecutar comandos como root pasando uno de los argumentos "JVM", lo que lleva a la escalada de privilegios... • https://wiki.zimbra.com/wiki/Security_Center • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0009 – GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2023-0009
14 Jun 2023 — A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. • https://security.paloaltonetworks.com/CVE-2023-0009 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3001 – Schneider Electric IGSS UpdateService Exposed Dangerous Method Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-3001
14 Jun 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-02.pdf • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34298 – Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34298
14 Jun 2023 — Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. An attacker can leverage this ... • https://www.zerodayinitiative.com/advisories/ZDI-23-858 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-29361 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-29361
13 Jun 2023 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29361 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 10EXPL: 2CVE-2023-29360 – Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2023-29360
13 Jun 2023 — Microsoft Streaming Service Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/0xDivyanshu-new/CVE-2023-29360 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30897
https://notcve.org/view.php?id=CVE-2023-30897
13 Jun 2023 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32221 – EaseUS Todo Backup may allow local privilege escalation
https://notcve.org/view.php?id=CVE-2023-32221
12 Jun 2023 — EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34144 – Trend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34144
08 Jun 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34145 – Trend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34145
08 Jun 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-426: Untrusted Search Path •