CVE-2023-42099 – Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42099
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1449 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-41902
https://notcve.org/view.php?id=CVE-2023-41902
An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. • https://gist.github.com/NSEcho/5d048a0796ceef59d6b1df1659bd1057 https://www.corecode.io/macupdater/history2.html https://www.corecode.io/macupdater/history3.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-42334
https://notcve.org/view.php?id=CVE-2023-42334
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. • https://0xhunter20.medium.com/an-idor-lead-to-viewing-other-users-files-cve-2023-42334-702de328c453 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2023-41929
https://notcve.org/view.php?id=CVE-2023-41929
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-427: Uncontrolled Search Path Element •
CVE-2021-26837
https://notcve.org/view.php?id=CVE-2021-26837
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. • https://community.helpsystems.com/knowledge-base/rjs/delivernow/overview https://susos.co/blog/f/cve-disclosure-sedric-louissaints-discovery-of-sql-injection-in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •