CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49489
https://notcve.org/view.php?id=CVE-2023-49489
Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. • https://github.com/kalcaddle/KodExplorer/issues/526 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6817 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-6817
This issue may allow a local user with CAP_NET_ADMIN capability to trigger an application crash, information disclosure, or local privilege escalation. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html http://www.openwall.com/lists/oss-security/2023/12/22/13 http://www.openwall.com/lists/oss-security/2023/12/22/6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://access.redhat.com/security/cve/CVE-2023 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50713 – Speckle Server API Token Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-50713
However, Speckle server was not verifying that other privileges granted to the new token were not in excess of the privileges of the requesting token. A malicious actor could use a token with only token write scope to subsequently generate further tokens with additional privileges. These privileges would only grant privileges up to the existing privileges of the user. This vulnerability cannot be used to escalate a user's privileges or grant privileges on behalf of other users. This has been patched as of version 2.17.6. • https://github.com/specklesystems/speckle-server/commit/3689e1cd58ec4f06abee836af34889d6ce474571 https://github.com/specklesystems/speckle-server/releases/tag/2.17.6 https://github.com/specklesystems/speckle-server/security/advisories/GHSA-xpf3-5q5x-3qwh • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25648 – Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-25648
Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-41720
https://notcve.org/view.php?id=CVE-2023-41720
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system. • https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US •