CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27908 – Autodesk On-Demand Install Services Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27908
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AdskAccessServiceHost service. By creating a symbolic link, an attacker can abuse the service to create a folder with a permissive DACL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0010 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-0860 – Improper Restriction of Excessive Authentication Attempts in modoboa/modoboa-installer
https://notcve.org/view.php?id=CVE-2023-0860
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. • https://github.com/0xsu3ks/CVE-2023-0860 https://github.com/modoboa/modoboa-installer/commit/63d92b73f3da6971ae4e13d033d625773ac91085 https://huntr.dev/bounties/64f3ab93-1357-4468-8ff4-52bbcec18cca • CWE-307: Improper Restriction of Excessive Authentication Attempts •