
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. • https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46584.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt • CWE-269: Improper Privilege Management •

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. • https://github.com/PwnCYN/Wenwenai/issues/2 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. • https://access.redhat.com/errata/RHSA-2024:0113 https://access.redhat.com/errata/RHSA-2024:0134 https://access.redhat.com/errata/RHSA-2024:0461 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-5633 https://bugzilla.redhat.com/show_bug.cgi?id=2245663 • CWE-416: Use After Free •

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •