CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2939 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2939
30 May 2023 — Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28080
https://notcve.org/view.php?id=CVE-2023-28080
30 May 2023 — A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. • https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28079
https://notcve.org/view.php?id=CVE-2023-28079
30 May 2023 — A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. • https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2023-32413 – Apple macOS /dev/fd Race Condition Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32413
30 May 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://github.com/synacktiv/CVE-2023-32413 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32162 – Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32162
26 May 2023 — Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. ... An attacker can leverage this vulnerability to escalate privileges and
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32163 – Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32163
26 May 2023 — Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitr... • https://github.com/LucaBarile/ZDI-CAN-16857 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27908 – Autodesk On-Demand Install Services Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27908
24 May 2023 — A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0010 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32168 – D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32168
24 May 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. This vulnerability allows remote attackers to escalate privileges on affected installations of D-L... • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332 • CWE-285: Improper Authorization •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30382
https://notcve.org/view.php?id=CVE-2023-30382
23 May 2023 — A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. • https://labs.jumpsec.com/advisory-cve-2023-30382-half-life-local-privilege-escalation • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29838
https://notcve.org/view.php?id=CVE-2023-29838
22 May 2023 — Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. • https://github.com/IthacaLabs/Botkind/blob/main/Botkind_SyncApp/WeakServicePermissions_InsecureServiceExecutable_CVE-2023-29838.txt • CWE-276: Incorrect Default Permissions •