CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40130
https://notcve.org/view.php?id=CVE-2023-40130
27 Oct 2023 — This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios y al inicio de una actividad en segundo plano sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40128
https://notcve.org/view.php?id=CVE-2023-40128
27 Oct 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40125
https://notcve.org/view.php?id=CVE-2023-40125
27 Oct 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa5c7b9900448fef3844790756e557eb •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40120
https://notcve.org/view.php?id=CVE-2023-40120
27 Oct 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b790b4d0c5964d9e95d9e626b •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40117
https://notcve.org/view.php?id=CVE-2023-40117
27 Oct 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/ff86ff28cf82124f8e65833a2dd8c319aea08945 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40116
https://notcve.org/view.php?id=CVE-2023-40116
27 Oct 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d09e48c21da5658fa04994c8 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3701
https://notcve.org/view.php?id=CVE-2022-3701
27 Oct 2023 — A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. Se informó una vulnerabilidad de elevación de privilegios en el complemento Lenovo Vantage SystemUpdate versión 2.0.0.212 y anteriores que podría permitir a un atacante local ejecutar código arbitrario con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-94532 • CWE-269: Improper Privilege Management CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44219
https://notcve.org/view.php?id=CVE-2023-44219
27 Oct 2023 — A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature. Una vulnerabilidad de escalada de privilegios local en SonicWall Directory Services Connector Windows MSI client 4.1.21 y versiones anteriores permite a un usuario local con pocos privilegios obtener permisos del sistema mediante la ejecuc... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0016 • CWE-269: Improper Privilege Management •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34059 – open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper
https://notcve.org/view.php?id=CVE-2023-34059
27 Oct 2023 — A remote attacker Guest Operations privileges could possibly use this issue to escalate privileges. Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A local attacker could possibly use this issue to hijack /dev/uinput and simulate user inputs. • http://www.openwall.com/lists/oss-security/2023/10/27/2 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-34058 – open-vm-tools: SAML token signature bypass
https://notcve.org/view.php?id=CVE-2023-34058
27 Oct 2023 — A remote attacker Guest Operations privileges could possibly use this issue to escalate privileges. Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A local attacker could possibly use this issue to hijack /dev/uinput and simulate user inputs. • http://www.openwall.com/lists/oss-security/2023/10/27/1 • CWE-347: Improper Verification of Cryptographic Signature CWE-1220: Insufficient Granularity of Access Control •