CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3777 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-3777
A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-3777 https://bugzilla.redhat.com/show_bug.cgi?id=223 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4015 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-4015
A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a771f7b266b02d262900c75f1e175c7fe76fec2 https://kernel.dance/0a771f7b266b02d262900c75f1e175c7fe76fec2 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-4015 https://bugzilla.redhat.com/show_bug.cgi?id=2237752 • CWE-416: Use After Free •
CVSS: 9.9EPSS: 92%CPEs: 36EXPL: 0CVE-2023-41265 – Qlik Sense HTTP Tunneling Vulnerability
https://notcve.org/view.php?id=CVE-2023-41265
Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. • https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24165
https://notcve.org/view.php?id=CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). • https://bugs.launchpad.net/qemu/+bug/1863025 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://pastebin.com/iqCbjdT8 https://security.netapp.com/advisory/ntap-20231006-0012 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32079 – Netmaker Privilige Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32079
A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. • https://github.com/gravitl/netmaker/security/advisories/GHSA-826j-8wp2-4x6q • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •