CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34146 – Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34146
08 Jun 2023 — An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34147 – Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34147
08 Jun 2023 — An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34148 – Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34148
08 Jun 2023 — An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2023-32413 – Apple macOS /dev/fd Race Condition Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32413
08 Jun 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://github.com/synacktiv/CVE-2023-32413 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-33865 – RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-33865
07 Jun 2023 — RenderDoc before 1.27 allows local privilege escalation via a symlink attack. • http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33553
https://notcve.org/view.php?id=CVE-2023-33553
07 Jun 2023 — An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. • https://github.com/0xfml/poc/blob/main/PLANET/WDRT-1800AX.md • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2023-33863 – RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-33863
07 Jun 2023 — SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1. RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities. • http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2023-33864 – RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-33864
07 Jun 2023 — StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize. RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities. • http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33223
https://notcve.org/view.php?id=CVE-2021-33223
07 Jun 2023 — An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file. • https://sunil-singh.notion.site/SeedDMS-6-0-15-Insecure-Direct-Object-Reference-IDOR-ff504354656b47b2b0cee0b7a82ad08c • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4569
https://notcve.org/view.php?id=CVE-2022-4569
05 Jun 2023 — A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. • https://support.lenovo.com/us/en/product_security/LEN-103544 • CWE-276: Incorrect Default Permissions •