CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-36732 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36732
Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45205
https://notcve.org/view.php?id=CVE-2023-45205
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. ... Esto podría permitir que un atacante local autenticado inyecte código arbitrario y escale privilegios a "NT AUTHORITY/SYSTEM". • https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf https://cert-portal.siemens.com/productcert/html/ssa-035466.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42796
https://notcve.org/view.php?id=CVE-2023-42796
By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role. • https://cert-portal.siemens.com/productcert/pdf/ssa-770890.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30527
https://notcve.org/view.php?id=CVE-2022-30527
The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. ... Esto podría permitir que un atacante local autenticado inyecte código arbitrario y escale privilegios. • https://cert-portal.siemens.com/productcert/html/ssa-160243.html https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31096
https://notcve.org/view.php?id=CVE-2023-31096
There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). ... Hay una escalada de privilegios local al SYSTEM a través de un desbordamiento de pila en RTLCopyMemory (IOCTL 0x1b2150). • https://cschwarz1.github.io/posts/0x04 https://www.broadcom.com • CWE-787: Out-of-bounds Write •