CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35181 – SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-35181
19 Oct 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35181 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35183 – SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-35183
19 Oct 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40377 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40377
16 Oct 2023 — Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263583 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40378 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40378
15 Oct 2023 — IBM Directory Server for IBM i contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263584 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43960
https://notcve.org/view.php?id=CVE-2023-43960
11 Oct 2023 — An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. • https://hackmd.io/%40tahaafarooq/dlink-dph-400se-cwe-200 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-38159 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-38159
10 Oct 2023 — Windows Graphics Component Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Windows Graphics Component This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2023-36594 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36594
10 Oct 2023 — Windows Graphics Component Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Windows Graphics Component This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-36731 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36731
10 Oct 2023 — Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-36732 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36732
10 Oct 2023 — Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45205
https://notcve.org/view.php?id=CVE-2023-45205
10 Oct 2023 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. • https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •