CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1393 – X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1393
A Use-After-Free may lead to local privilege escalation. ... The Overlay Window use-after-free issue can lead to a local privilege escalation vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNQYHUI63DB5FHK6EOI3Z4C6YQZGZKI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3EVO3OQV6T4BSABWZ2TU3PY5TJTEQZ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEHSYYFGBN3G4RS2HJXKQ5NBMOAZ5F2F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-41526 – MindManager Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-41526
This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action. MindManager suffers from a local privilege escalation vulnerability via MSI installer Repair Mode. • https://github.com/pawlokk/mindmanager-poc http://seclists.org/fulldisclosure/2024/Apr/24 https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28892
https://notcve.org/view.php?id=CVE-2023-28892
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. • https://forums.malwarebytes.com/topic/307429-release-adwcleaner-841 https://malwarebytes.com https://www.malwarebytes.com/secure/cves/cve-2023-28892 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1516
https://notcve.org/view.php?id=CVE-2023-1516
RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution. • https://robodk.com/contact https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28655 – CVE-2023-28655
https://notcve.org/view.php?id=CVE-2023-28655
A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •