CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41776 – Local Privilege Escalation Vulnerability of ZTE's ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41776
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41780 – Unsafe DLL Loading Vulnerability in ZTE ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41780
Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. • https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0193 – Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation
https://notcve.org/view.php?id=CVE-2024-0193
This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. • https://access.redhat.com/errata/RHSA-2024:1018 https://access.redhat.com/errata/RHSA-2024:1019 https://access.redhat.com/errata/RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/errata/RHSA-2024:4412 https://access.redhat.com/errata/RHSA-2024:4415 https://access.redhat.com/security/cve/CVE-2024-0193 https://bugzilla.redhat.com/show_bug.cgi?id=2255653 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47458
https://notcve.org/view.php?id=CVE-2023-47458
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. • http://springblade.com https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a https://gitee.com/smallc/SpringBlade • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-41543
https://notcve.org/view.php?id=CVE-2023-41543
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. • https://mp.weixin.qq.com/s/q6R-kaN4XS5d_cgWtq46vw https://pho3n1x-web.github.io/2023/09/18/CVE-2023-41543%28JeecgBoot_sql%29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •