CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5197 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-5197
26 Sep 2023 — A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. ... Una vulnerabilidad de use-after-free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. ... A local user could use this to cause a denial of service or possibly execute arbitrary code. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0633 – In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE
https://notcve.org/view.php?id=CVE-2023-0633
25 Sep 2023 — In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0. En Docker Desktop en Windows anterior a 4.12.0, una inyección de argumento en el instalador puede provocar una escalada de privilegios local (LPE). Este problema afecta a Docker Desktop: anterior a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0627 – Docker Desktop 4.11.x allows --no-windows-containers flag bypass
https://notcve.org/view.php?id=CVE-2023-0627
25 Sep 2023 — Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. Docker Desktop 4.11.x permite omitir el indicador --no-windows-containers a través de la suplantación de respuesta de IPC, lo que puede provocar una escalada de privilegios locales (LPE). Este problema afecta a Docker Desktop: 4.11.X. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-501: Trust Boundary Violation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41419 – python-gevent: privilege escalation via a crafted script to the WSGIServer component
https://notcve.org/view.php?id=CVE-2023-41419
25 Sep 2023 — An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. ... Issues addressed include a privilege escalation vulnerability. • https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-43766
https://notcve.org/view.php?id=CVE-2023-43766
22 Sep 2023 — Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. • https://www.withsecure.com/en/support/security-advisories • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-41992 – Apple Multiple Products Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-41992
21 Sep 2023 — A local attacker may be able to elevate their privileges. ... Un atacante local podría aumentar sus privilegios. ... Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. • https://support.apple.com/en-us/HT213927 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42099 – Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42099
21 Sep 2023 — Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. ... An attacker can leverage this vulnerability to escalate privileges a... • https://www.zerodayinitiative.com/advisories/ZDI-23-1449 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41902
https://notcve.org/view.php?id=CVE-2023-41902
20 Sep 2023 — An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. • https://gist.github.com/NSEcho/5d048a0796ceef59d6b1df1659bd1057 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-42334
https://notcve.org/view.php?id=CVE-2023-42334
20 Sep 2023 — An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. • https://0xhunter20.medium.com/an-idor-lead-to-viewing-other-users-files-cve-2023-42334-702de328c453 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41929
https://notcve.org/view.php?id=CVE-2023-41929
18 Sep 2023 — A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) Una vulnerabilidad de secuestro de DLL en Samsung Memory Card & UFD Authentication Utility PC Software anterior a 1.0.1 podría permitir a un atacante local escalar privilegios. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-427: Uncontrolled Search Path Element •