CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42124 – Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42124
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code outside the sandbox at medium integrity. • https://www.zerodayinitiative.com/advisories/ZDI-23-1474 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42125 – Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42125
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. By creating a symbolic link, an attacker can abuse the service to create arbitrary namespace objects. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1475 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-43772
https://notcve.org/view.php?id=CVE-2021-43772
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. Trend Micro Security 2021 versión v17.0 (Consumer), contiene una vulnerabilidad que permite modificar los archivos dentro de la carpeta protegida sin ninguna detección • https://helpcenter.trendmicro.com/en-us/article/tmka-10855 • CWE-552: Files or Directories Accessible to External Parties •