CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-44209
https://notcve.org/view.php?id=CVE-2023-44209
04 Oct 2023 — Local privilege escalation due to improper soft link handling. • https://security-advisory.acronis.com/advisories/SEC-2119 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42824 – Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42824
04 Oct 2023 — A local attacker may be able to elevate their privileges. ... Un atacante local podría aumentar sus privilegios. ... Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. • https://support.apple.com/en-us/HT213972 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2809 – Use of Cleartext credentials in Sage 200 Spain
https://notcve.org/view.php?id=CVE-2023-2809
04 Oct 2023 — This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. • https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44410 – D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-44410
04 Oct 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. This vulnerability allows remote attackers to escalate privileges on affected installations of D-L... • https://www.zerodayinitiative.com/advisories/ZDI-23-1508 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 25%CPEs: 18EXPL: 24CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4911
03 Oct 2023 — This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. ... Este problema podría permitir que un atacante local utilice variables de entorno GLIBC_TUNABLES manipuladas con fines malintencionados al iniciar archivos binarios con permiso SUID para ejecutar código con privilegios elevados. ... An attacker could possibly use this issue to perform a privilege... • http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44218
https://notcve.org/view.php?id=CVE-2023-44218
03 Oct 2023 — A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. Una falla dentro de la función SonicWall NetExtender Pre-Logon permite que un usuario no autorizado obtenga acceso al sistema operativo Windows host con privilegios de nivel 'SYSTEM', lo que genera una vulnerabilidad de escalada de privilegios <... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44217
https://notcve.org/view.php?id=CVE-2023-44217
03 Oct 2023 — A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. Una vulnerabilidad de escalada de privilegios local en el cliente MSI SonicWall Net Extender para Windows 10.2.336 y versiones anteriores permite a un usuario local con pocos privilegios obtener privilegios de System mediante la ejecución de la func... • https://github.com/advisories/GHSA-jw5c-8746-98g5 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5345 – Use-after-free in Linux kernel's fs/smb/client component
https://notcve.org/view.php?id=CVE-2023-5345
03 Oct 2023 — A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. ... Se puede explotar una vulnerabilidad de use-after-free en el componente fs/smb/client del kernel de Linux para lograr una escalada de privilegios local. ... This flaw allows a local user to crash or potentially escalate their privileges on the system. ... A local attacker could use this to cause a denial of service or possibly exec... • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43976
https://notcve.org/view.php?id=CVE-2023-43976
03 Oct 2023 — An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component. • https://www.catonetworks.com • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 72EXPL: 0CVE-2023-32830
https://notcve.org/view.php?id=CVE-2023-32830
02 Oct 2023 — This could lead to local escalation of privilege with System execution privileges needed. ... Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-787: Out-of-bounds Write •