CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43555 – Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-43555
03 Nov 2023 — Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability Vulnerabilidad de escalada de privilegios locales sin autenticación de Ivanti Avalanche Printer Device Service This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of... • https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5088 – Qemu: improper ide controller reset can lead to mbr overwrite
https://notcve.org/view.php?id=CVE-2023-5088
03 Nov 2023 — A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/errata/RHSA-2024:2135 • CWE-662: Improper Synchronization CWE-821: Incorrect Synchronization •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 3CVE-2023-46980
https://notcve.org/view.php?id=CVE-2023-46980
03 Nov 2023 — An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. • https://github.com/sajaljat/CVE-2023-46980 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31027
https://notcve.org/view.php?id=CVE-2023-31027
02 Nov 2023 — NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 5%CPEs: 12EXPL: 1CVE-2023-5178 – Kernel: use after free in nvmet_tcp_free_crypto in nvme
https://notcve.org/view.php?id=CVE-2023-5178
01 Nov 2023 — This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. ... A local attacker could possibly use this to cause a denial of service. ... A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information. • https://github.com/rockrid3r/CVE-2023-5178 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 51EXPL: 0CVE-2023-3972 – Insights-client: unsafe handling of temporary files and directories
https://notcve.org/view.php?id=CVE-2023-3972
01 Nov 2023 — This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. ... Antes de que el usuario root registre el cliente de insights en el sistema, un us... • https://access.redhat.com/errata/RHSA-2023:6264 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5847 – Tenable Nessus Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-5847
01 Nov 2023 — Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. ... This vulnerability allows local attackers to escalate privileges on affected installations of Tenable Nessus. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.tenable.com/security/tns-2023-37 • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-42655
https://notcve.org/view.php?id=CVE-2023-42655
01 Nov 2023 — This could lead to local escalation of privilege with System execution privileges needed En el servicio de simulación, existe una forma posible de escribir registros de uso de permisos de una aplicación debido a que falta una verificación de permisos. Esto podría llevar a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857 • CWE-862: Missing Authorization •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45780
https://notcve.org/view.php?id=CVE-2023-45780
30 Oct 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/docs/security/bulletin/android-14 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21398
https://notcve.org/view.php?id=CVE-2023-21398
30 Oct 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/docs/security/bulletin/android-14 •