CVE-2023-47142 – IBM Tivoli Application Dependency Discovery Manager privilege escalation
https://notcve.org/view.php?id=CVE-2023-47142
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270267 https://www.ibm.com/support/pages/node/7105139 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVE-2023-46344 – Solar-Log 200 PM+ 3.6.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-46344
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. • https://github.com/vinnie1717/CVE-2023-46344 http://solar-log.com https://github.com/vinnie1717/CVE-2023-46344/blob/main/Solar-Log%20XSS https://www.solar-log.com/en/support/firmware-database-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-51939
https://notcve.org/view.php?id=CVE-2023-51939
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. • https://gist.github.com/liang-junkai/1b59487c0f7002fa5da98035b53e409f https://github.com/liang-junkai/Relic-bbs-fault-injection https://github.com/relic-toolkit/relic/issues/284 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-0833 – Privilege Elevation via Telerik Test Studio
https://notcve.org/view.php?id=CVE-2024-0833
In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. • https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability https://www.telerik.com/teststudio • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVE-2024-0832 – Privilege Elevation via Telerik Reporting Installer
https://notcve.org/view.php?id=CVE-2024-0832
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. • https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability https://www.telerik.com/products/reporting.aspx • CWE-269: Improper Privilege Management •