CVSS: 7.8EPSS: 0%CPEs: 51EXPL: 0CVE-2023-3972 – Insights-client: unsafe handling of temporary files and directories
https://notcve.org/view.php?id=CVE-2023-3972
This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. • https://access.redhat.com/errata/RHSA-2023:6264 https://access.redhat.com/errata/RHSA-2023:6282 https://access.redhat.com/errata/RHSA-2023:6283 https://access.redhat.com/errata/RHSA-2023:6284 https://access.redhat.com/errata/RHSA-2023:6795 https://access.redhat.com/errata/RHSA-2023:6796 https://access.redhat.com/errata/RHSA-2023:6798 https://access.redhat.com/errata/RHSA-2023:6811 https://access.redhat.com/security/cve/CVE-2023-3972 https://bugzilla.redhat.com/show • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5847 – Tenable Nessus Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-5847
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. ... This vulnerability allows local attackers to escalate privileges on affected installations of Tenable Nessus. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.tenable.com/security/tns-2023-37 https://www.tenable.com/security/tns-2023-38 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47101
https://notcve.org/view.php?id=CVE-2023-47101
The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. • https://cyvisory.group/advisory/CYADV-2023-012 https://sourceforge.net/p/securepoint/news/2023/08/2040-is-now-available • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40685 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40685
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264116 https://www.ibm.com/support/pages/node/7060686 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40686 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40686
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264114 https://www.ibm.com/support/pages/node/7060686 • CWE-269: Improper Privilege Management •