CVE-2023-1399 – KeySight N6841A RF Sensor LAHttpInvokerServiceExporter Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1399
27 Mar 2023 — N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-01 • CWE-502: Deserialization of Untrusted Data •
CVE-2023-1135 – Delta Electronics InfraSuite Device Master Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1135
27 Mar 2023 — In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. This vulnerability allows local attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-1134
https://notcve.org/view.php?id=CVE-2023-1134
27 Mar 2023 — Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-1144
https://notcve.org/view.php?id=CVE-2023-1144
27 Mar 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 • CWE-863: Incorrect Authorization •
CVE-2023-28596 – Local Privilege Escalation in Zoom for macOS Installers
https://notcve.org/view.php?id=CVE-2023-28596
27 Mar 2023 — Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-427: Uncontrolled Search Path Element •
CVE-2023-27094
https://notcve.org/view.php?id=CVE-2023-27094
23 Mar 2023 — An issue in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. • https://github.com/opengoofy/hippo4j/issues/1059 •
CVE-2023-26358 – Adobe Creative Cloud AdobeExtensionService.exe local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-26358
22 Mar 2023 — Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the app... • https://helpx.adobe.com/security/products/creative-cloud/apsb23-21.html • CWE-426: Untrusted Search Path •
CVE-2023-1314 – Local Privilege Escalation Vulnerability in cloudflared's Installer
https://notcve.org/view.php?id=CVE-2023-1314
21 Mar 2023 — A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for 32-bit Windows devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory. An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker woul... • https://github.com/cloudflare/cloudflared/releases • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-25069 – Trend Micro TXOne StellarOne Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25069
17 Mar 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro TXOne StellarOne. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/solution/000292486 •
CVE-2023-22883 – Local Privilege Escalation in Zoom for Windows Installers
https://notcve.org/view.php?id=CVE-2023-22883
16 Mar 2023 — Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •