CVE-2023-1134 – CVE-2023-1134
https://notcve.org/view.php?id=CVE-2023-1134
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-1144 – CVE-2023-1144
https://notcve.org/view.php?id=CVE-2023-1144
This vulnerability allows remote attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 • CWE-863: Incorrect Authorization •
CVE-2023-28596 – Local Privilege Escalation in Zoom for macOS Installers
https://notcve.org/view.php?id=CVE-2023-28596
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-427: Uncontrolled Search Path Element •
CVE-2023-27094
https://notcve.org/view.php?id=CVE-2023-27094
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. • https://github.com/opengoofy/hippo4j/issues/1059 •
CVE-2023-26358 – Adobe Creative Cloud AdobeExtensionService.exe local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-26358
Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. • https://helpx.adobe.com/security/products/creative-cloud/apsb23-21.html • CWE-426: Untrusted Search Path •