CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42126 – G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42126
29 Sep 2023 — G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execut... • https://www.zerodayinitiative.com/advisories/ZDI-23-1493 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39191 – Kernel: ebpf: insufficient stack type checks in dynptr
https://notcve.org/view.php?id=CVE-2023-39191
29 Sep 2023 — This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. ... This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40375 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40375
28 Sep 2023 — Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. ... El servidor de aplicaciones integrado para IBM i 7.2, 7.3, 7.4 y 7.5 contiene una vulnerabilidad de escalada de privilegios local. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/263580 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2023-41444
https://notcve.org/view.php?id=CVE-2023-41444
28 Sep 2023 — An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. Un problema en Binalyze IREC.sys v.3.11.0 y anteriores permite a un atacante local ejecutar código arbitrario y escalar privilegios a través de la función fun_1400084d0 en el controlador IREC.sys. • https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-44157
https://notcve.org/view.php?id=CVE-2023-44157
27 Sep 2023 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-3956 • CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-43320 – Proxmox VE 7.4-1 TOTP Brute Force
https://notcve.org/view.php?id=CVE-2023-43320
27 Sep 2023 — An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. • https://packetstorm.news/files/id/176967 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42122 – Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42122
27 Sep 2023 — Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in t... • https://www.zerodayinitiative.com/advisories/ZDI-23-1479 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42124 – Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42124
27 Sep 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. This vulnerability allows local attackers to escalate pri... • https://www.zerodayinitiative.com/advisories/ZDI-23-1474 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42125 – Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42125
27 Sep 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. This vulnerability allows local attackers to escalate pri... • https://www.zerodayinitiative.com/advisories/ZDI-23-1475 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-34043
https://notcve.org/view.php?id=CVE-2023-34043
26 Sep 2023 — VMware Aria Operations contains a local privilege escalation vulnerability. VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. A malicious actor with administrative access to the local system can escalate privileges to 'root'. VMware Aria Operations contiene una vulnerabilidad de escalada... • https://www.vmware.com/security/advisories/VMSA-2023-0020.html • CWE-269: Improper Privilege Management •