CVE-2023-28797 – LPE using arbitrary file delete with Symlinks
https://notcve.org/view.php?id=CVE-2023-28797
23 Oct 2023 — Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2023-35685 – PowerVR Out-Of-Bounds Access / Information Leak
https://notcve.org/view.php?id=CVE-2023-35685
23 Oct 2023 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://packetstorm.news/files/id/175260 • CWE-416: Use After Free
CVE-2023-46055
https://notcve.org/view.php?id=CVE-2023-46055
21 Oct 2023 — An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. • https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-46054
https://notcve.org/view.php?id=CVE-2023-46054
21 Oct 2023 — Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. • https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-34045 – VMware Fusion installer local privilege escalation
https://notcve.org/view.php?id=CVE-2023-34045
20 Oct 2023 — VMware Fusion (13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html
CVE-2023-34046 – VMware Fusion TOCTOU local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-34046
20 Oct 2023 — A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-27791
https://notcve.org/view.php?id=CVE-2023-27791
19 Oct 2023 — An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2023-35181 – SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-35181
19 Oct 2023 — The SolarWinds Access Rights Manager was susceptible to a Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permissions, resulting in Privilege Escalation. ... This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the co... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35181 • CWE-276: Incorrect Default Permissions
CVE-2023-35183 – SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-35183
19 Oct 2023 — The SolarWinds Access Rights Manager was susceptible to a Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources for Privilege Escalation. ... This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the con... • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm • CWE-276: Incorrect Default Permissions
CVE-2023-27792
https://notcve.org/view.php?id=CVE-2023-27792
19 Oct 2023 — An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-862: Missing Authorization