CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27908 – Autodesk On-Demand Install Services Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27908
This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0010 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-32168 – D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32168
This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332 https://www.zerodayinitiative.com/advisories/ZDI-23-719 • CWE-285: Improper Authorization •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30382
https://notcve.org/view.php?id=CVE-2023-30382
A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. • https://labs.jumpsec.com/advisory-cve-2023-30382-half-life-local-privilege-escalation • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29838
https://notcve.org/view.php?id=CVE-2023-29838
Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. • https://github.com/IthacaLabs/Botkind/blob/main/Botkind_SyncApp/WeakServicePermissions_InsecureServiceExecutable_CVE-2023-29838.txt https://github.com/IthacaLabs/Botkind/tree/main/Botkind_SyncApp • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-31748 – MobileTrans 4.0.11 - Weak Service Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-31748
Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. • https://www.exploit-db.com/exploits/51479 http://mobiletrans.com https://packetstormsecurity.com/files/172466/MobileTrans-4.0.11-Weak-Service-Permissions.html • CWE-732: Incorrect Permission Assignment for Critical Resource •