CVE-2023-22883 – Local Privilege Escalation in Zoom for Windows Installers
https://notcve.org/view.php?id=CVE-2023-22883
16 Mar 2023 — Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-24861 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-24861
14 Mar 2023 — Windows Graphics Component Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24861 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-23410 – Windows HTTP.sys Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-23410
14 Mar 2023 — Windows HTTP.sys Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23410 • CWE-190: Integer Overflow or Wraparound
CVE-2023-25590 – Local Privilege Escalation in ClearPass OnGuard Linux Agent
https://notcve.org/view.php?id=CVE-2023-25590
14 Mar 2023 — A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt • CWE-269: Improper Privilege Management
CVE-2023-25279
https://notcve.org/view.php?id=CVE-2023-25279
13 Mar 2023 — OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20In%20tools_AccountName • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-27010 – Wondershare Dr Fone 12.9.6 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-27010
09 Mar 2023 — This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. Wondershare Dr Fone version 12.9.6 suffers from a weak service permission vulnerability that can allow for privilege escalation. • https://packetstormsecurity.com/files/171301/Wondershare-Dr-Fone-12.9.6-Weak-Permissions-Privilege-Escalation.html
CVE-2022-47462
https://notcve.org/view.php?id=CVE-2022-47462
07 Mar 2023 — This could lead to local escalation of privilege with system execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129 • CWE-862: Missing Authorization
CVE-2022-47461
https://notcve.org/view.php?id=CVE-2022-47461
07 Mar 2023 — This could lead to local escalation of privilege with system execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129 • CWE-862: Missing Authorization
CVE-2023-20634
https://notcve.org/view.php?id=CVE-2023-20634
07 Mar 2023 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2023 • CWE-20: Improper Input Validation
CVE-2023-20620
https://notcve.org/view.php?id=CVE-2023-20620
07 Mar 2023 — In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2023 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition