CVE-2023-5299 – Fuji Electric Tellus Lite V-Simulator Improper Access Control
https://notcve.org/view.php?id=CVE-2023-5299
22 Nov 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Fuji Electric Tellus Lite. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of any user of the software. • https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a • CWE-284: Improper Access Control •
CVE-2023-47350
https://notcve.org/view.php?id=CVE-2023-47350
22 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality. • https://github.com/SwiftyEdit/SwiftyEdit/commit/90a6f3df16cd1578b2827d7b2e073451f7ce4e47 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5593
https://notcve.org/view.php?id=CVE-2023-5593
20 Nov 2023 — The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-out-of-bounds-write-vulnerability-in-secuextender-ssl-vpn-client-software • CWE-787: Out-of-bounds Write •
CVE-2023-44449 – NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-44449
20 Nov 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate pr... • https://kb.netgear.com/000065866/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2023-0114-PSV-2023-0115 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-47172
https://notcve.org/view.php?id=CVE-2023-47172
20 Nov 2023 — Certain WithSecure products allow Local Privilege Escalation. • https://www.withsecure.com/en/support/security-advisories/cve-2023-47172 •
CVE-2023-44796
https://notcve.org/view.php?id=CVE-2023-44796
17 Nov 2023 — Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. • https://github.com/Hebing123/CVE-2023-44796/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-48365 – Qlik Sense HTTP Tunneling Vulnerability
https://notcve.org/view.php?id=CVE-2023-48365
15 Nov 2023 — Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. ... Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. • https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2023-6111 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-6111
14 Nov 2023 — A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. ... A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93995bf4af2c5a99e2a87f0cd5ce547d31eb7630 • CWE-416: Use After Free •
CVE-2023-45794
https://notcve.org/view.php?id=CVE-2023-45794
14 Nov 2023 — This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. • https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf • CWE-294: Authentication Bypass by Capture-replay •
CVE-2023-44374
https://notcve.org/view.php?id=CVE-2023-44374
14 Nov 2023 — With this, an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user, which could allow them to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-180704.html • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context •