CVE-2023-48677
https://notcve.org/view.php?id=CVE-2023-48677
12 Dec 2023 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-5620 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-50446
https://notcve.org/view.php?id=CVE-2023-50446
10 Dec 2023 — Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM. • https://github.com/mullvad/mullvadvpn-app/pull/5398 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-49797 – Local Privilege Escalation in pyinstaller on Windows
https://notcve.org/view.php?id=CVE-2023-49797
09 Dec 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Intel Computing Improvement Program. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/pyinstaller/pyinstaller/pull/7827 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-47254
https://notcve.org/view.php?id=CVE-2023-47254
09 Dec 2023 — An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2 allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. • https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-48929
https://notcve.org/view.php?id=CVE-2023-48929
08 Dec 2023 — The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information. • https://github.com/MatJosephs/CVEs/tree/main/CVE-2023-48929 • CWE-384: Session Fixation •
CVE-2023-48861
https://notcve.org/view.php?id=CVE-2023-48861
07 Dec 2023 — DLL hijacking vulnerability in TTplayer version 7.0.2 allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. • https://github.com/xieqiang11/POC4/blob/main/README.md • CWE-427: Uncontrolled Search Path Element •
CVE-2023-45252
https://notcve.org/view.php?id=CVE-2023-45252
01 Dec 2023 — DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges. • https://www.xlent.no/aktuelt/security-disclosure-of-vulnerabilities-cve-2023-45252-and-cve-2023-45253 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-45253
https://notcve.org/view.php?id=CVE-2023-45253
01 Dec 2023 — An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, that allows attackers to manipulate files and escalate privileges via the RollingFileAppender.DeleteFile method performed by the log4net library. • https://www.xlent.no/aktuelt/security-disclosure-of-vulnerabilities-cve-2023-45252-and-cve-2023-45253 • CWE-269: Improper Privilege Management •
CVE-2023-41807 – Linux Local Privilege Escalation Via GoTTY Page
https://notcve.org/view.php?id=CVE-2023-41807
23 Nov 2023 — Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-269: Improper Privilege Management •
CVE-2021-37942 – APM Java Agent Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-37942
22 Nov 2023 — A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. • https://discuss.elastic.co/t/apm-java-agent-security-update/291355 • CWE-269: Improper Privilege Management •