CVE-2023-41807 – Linux Local Privilege Escalation Via GoTTY Page
https://notcve.org/view.php?id=CVE-2023-41807
This vulnerability allows a user to escalate permissions on the system shell. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-269: Improper Privilege Management
CVE-2023-48319 – WordPress Salon booking system plugin < 8.7 - Editor+ Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-48319
This makes it possible for authenticated attackers, with editor-level access and above, to escalate their privileges to that of an administrator. • https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-8-7-editor-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management
CVE-2021-37937 – Elasticsearch privilege escalation
https://notcve.org/view.php?id=CVE-2021-37937
When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user. • https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077 https://www.elastic.co/community/security • CWE-269: Improper Privilege Management
CVE-2021-37942 – APM Java Agent Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. • https://discuss.elastic.co/t/apm-java-agent-security-update/291355 https://www.elastic.co/community/security • CWE-269: Improper Privilege Management
CVE-2023-5299 – Fuji Electric Tellus Lite V-Simulator Improper Access Control
https://notcve.org/view.php?id=CVE-2023-5299
This vulnerability allows local attackers to escalate privileges on affected installations of Fuji Electric Tellus Lite. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of any user of the software. • https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 • CWE-284: Improper Access Control