CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28715
https://notcve.org/view.php?id=CVE-2020-28715
An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). • http://leeco.com https://www.cnvd.org.cn/flaw/show/2602948 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38899
https://notcve.org/view.php?id=CVE-2023-38899
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. • http://o.com https://github.com/berkaygediz/O_Blog https://github.com/berkaygediz/O_Blog/issues https://github.com/berkaygediz/O_Blog/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37250
https://notcve.org/view.php?id=CVE-2023-37250
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. • https://github.com/ewilded/CVE-2023-37250-POC https://support.parsec.app/hc/en-us/articles/18311425588237-CVE-2023-37250 https://unity3d.com https://www.kb.cert.org/vuls/id/287122 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2737 – Improper securing of log directory may allow a denial of service
https://notcve.org/view.php?id=CVE-2023-2737
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. • https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=08f460ba47bba550c0e42e61e36d432f&sysparm_article=KB0027485 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38401 – Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
https://notcve.org/view.php?id=CVE-2023-38401
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt •