CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2023-36594 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36594
10 Oct 2023 — Windows Graphics Component Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Windows Graphics Component This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-36731 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36731
10 Oct 2023 — Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-36732 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36732
10 Oct 2023 — Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45205
https://notcve.org/view.php?id=CVE-2023-45205
10 Oct 2023 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. ... Esto podría permitir que un atacante local autenticado inyecte código arbitrario y escale privilegios a "NT AUTHORITY/SYSTEM". • https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42796
https://notcve.org/view.php?id=CVE-2023-42796
10 Oct 2023 — By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role. • https://cert-portal.siemens.com/productcert/pdf/ssa-770890.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30527
https://notcve.org/view.php?id=CVE-2022-30527
10 Oct 2023 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. ... Esto podría permitir que un atacante local autenticado inyecte código arbitrario y escale privilegios. • https://cert-portal.siemens.com/productcert/html/ssa-160243.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43896
https://notcve.org/view.php?id=CVE-2023-43896
10 Oct 2023 — A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. • http://macrium.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31096
https://notcve.org/view.php?id=CVE-2023-31096
10 Oct 2023 — There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). ... Hay una escalada de privilegios local al SYSTEM a través de un desbordamiento de pila en RTLCopyMemory (IOCTL 0x1b2150). • https://cschwarz1.github.io/posts/0x04 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45248
https://notcve.org/view.php?id=CVE-2023-45248
09 Oct 2023 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-6052 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-40654
https://notcve.org/view.php?id=CVE-2023-40654
08 Oct 2023 — This could lead to local escalation of privilege with System execution privileges needed En FW-PackageManager, es posible que falte una verificación de permisos. Esto podría llevar a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074 • CWE-862: Missing Authorization •