CVE-2023-31027
https://notcve.org/view.php?id=CVE-2023-31027
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-5178 – Kernel: use after free in nvmet_tcp_free_crypto in nvme
https://notcve.org/view.php?id=CVE-2023-5178
This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. • https://github.com/rockrid3r/CVE-2023-5178 https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7548 https://access.redhat.com/errata/RHSA-2023:7549 https://access.redhat.com/errata/RHSA-2023:7551 https://access.redhat.com/errata/RHSA-2023:7554 https://access.redhat.com/errata/RHSA-2023:7557 https://access.redhat.com/errata/RHSA-2023 • CWE-416: Use After Free •
CVE-2023-3972 – Insights-client: unsafe handling of temporary files and directories
https://notcve.org/view.php?id=CVE-2023-3972
This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. • https://access.redhat.com/errata/RHSA-2023:6264 https://access.redhat.com/errata/RHSA-2023:6282 https://access.redhat.com/errata/RHSA-2023:6283 https://access.redhat.com/errata/RHSA-2023:6284 https://access.redhat.com/errata/RHSA-2023:6795 https://access.redhat.com/errata/RHSA-2023:6796 https://access.redhat.com/errata/RHSA-2023:6798 https://access.redhat.com/errata/RHSA-2023:6811 https://access.redhat.com/security/cve/CVE-2023-3972 https://bugzilla.redhat.com/show • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-5847 – Tenable Nessus Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-5847
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. ... This vulnerability allows local attackers to escalate privileges on affected installations of Tenable Nessus. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.tenable.com/security/tns-2023-37 https://www.tenable.com/security/tns-2023-38 • CWE-269: Improper Privilege Management •
CVE-2023-47101
https://notcve.org/view.php?id=CVE-2023-47101
The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. • https://cyvisory.group/advisory/CYADV-2023-012 https://sourceforge.net/p/securepoint/news/2023/08/2040-is-now-available • CWE-269: Improper Privilege Management •