CVE-2023-28892
https://notcve.org/view.php?id=CVE-2023-28892
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. • https://forums.malwarebytes.com/topic/307429-release-adwcleaner-841 https://malwarebytes.com https://www.malwarebytes.com/secure/cves/cve-2023-28892 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-1516
https://notcve.org/view.php?id=CVE-2023-1516
RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution. • https://robodk.com/contact https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-28655 – CVE-2023-28655
https://notcve.org/view.php?id=CVE-2023-28655
A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1399 – KeySight N6841A RF Sensor LAHttpInvokerServiceExporter Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1399
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-01 • CWE-502: Deserialization of Untrusted Data •
CVE-2023-1135 – Delta Electronics InfraSuite Device Master Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1135
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. This vulnerability allows local attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 • CWE-732: Incorrect Permission Assignment for Critical Resource •