CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45174 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2023-45174
13 Dec 2023 — IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. ... IBM AIX 7.2, 7.3 y VIOS 3.1 podrían permitir que un usuario local privilegiado aproveche una vulnerabilidad en el comando qdaemon para escalar privilegios o provocar una denegación de servicio. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267972 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50197 – Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50197
13 Dec 2023 — Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. ... An attacker can leverage this vulnerability to escalate privileges a... • https://www.zerodayinitiative.com/advisories/ZDI-23-1773 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 32%CPEs: 17EXPL: 0CVE-2023-6377 – Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
https://notcve.org/view.php?id=CVE-2023-6377
13 Dec 2023 — This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. ... This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... An attacker could possibly use this issue to cause the X Server to crash, execute arb... • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2023-49147 – PDF24 Creator 11.15.1 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-49147
13 Dec 2023 — This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe. ... Esto permite a un atacante local sin privilegios utilizar una cadena de acciones (por ejemplo, un bloqueo de operación en faxPrnInst.log) para abrir un cmd.exe de SYSTEM. PDF24 Creator versions 11.15.1 and below suffer from a local privilege escalation vulnerability via the MSI installer. • http://packetstormsecurity.com/files/176206/PDF24-Creator-11.15.1-Local-Privilege-Escalation.html •
CVSS: 7.8EPSS: 1%CPEs: 17EXPL: 0CVE-2023-6478 – Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
https://notcve.org/view.php?id=CVE-2023-6478
13 Dec 2023 — This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. ... An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handl... • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-35633 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35633
12 Dec 2023 — Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows Predefined keys in the Microsoft Windows Registry may lead to confused deputy problems and local privilege escalation. • http://packetstormsecurity.com/files/176451/Microsoft-Windows-Registry-Predefined-Keys-Privilege-Escalation.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-48427
https://notcve.org/view.php?id=CVE-2023-48427
12 Dec 2023 — This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-48677
https://notcve.org/view.php?id=CVE-2023-48677
12 Dec 2023 — Local privilege escalation due to DLL hijacking vulnerability. ... Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-5620 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50446
https://notcve.org/view.php?id=CVE-2023-50446
10 Dec 2023 — Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM. ... Los permisos insuficientes en un directorio permiten que cualquier usuario local sin privilegios escale privilegios al SYSTEM. • https://github.com/mullvad/mullvadvpn-app/pull/5398 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49797 – Local Privilege Escalation in pyinstaller on Windows
https://notcve.org/view.php?id=CVE-2023-49797
09 Dec 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Intel Computing Improvement Program. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/pyinstaller/pyinstaller/pull/7827 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •