CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-24861 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-24861
Windows Graphics Component Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24861 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-23410 – Windows HTTP.sys Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-23410
Windows HTTP.sys Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23410 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-25590 – Local Privilege Escalation in ClearPass OnGuard Linux Agent
https://notcve.org/view.php?id=CVE-2023-25590
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25279
https://notcve.org/view.php?id=CVE-2023-25279
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20In%20tools_AccountName https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27010 – Wondershare Dr Fone 12.9.6 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-27010
This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. • https://www.exploit-db.com/exploits/51324 https://cwe.mitre.org/data/definitions/250.html https://packetstormsecurity.com/files/171301/Wondershare-Dr-Fone-12.9.6-Weak-Permissions-Privilege-Escalation.html •