CVE-2023-4015 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-4015
30 Aug 2023 — A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. ... A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. ... A local unprivileged user could use this to obtain sensitive information. ... A local attacker could use this to cause a denial of service. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a771f7b266b02d262900c75f1e175c7fe76fec2 • CWE-416: Use After Free •
CVE-2023-41265 – Qlik Sense HTTP Tunneling Vulnerability
https://notcve.org/view.php?id=CVE-2023-41265
29 Aug 2023 — An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. ... Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend se... • https://github.com/praetorian-inc/zeroqlik-detect • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2020-24165 – Ubuntu Security Notice USN-6567-2
https://notcve.org/view.php?id=CVE-2020-24165
28 Aug 2023 — An issue discovered in TCG Accelerator in QEMU 4.2.0 allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). ... A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS. • https://bugs.launchpad.net/qemu/+bug/1863025 •
CVE-2023-34725 – TECHView LA5570 Wireless Gateway 1.0.19_T53 Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-34725
28 Aug 2023 — TECHView LA5570 Wireless Gateway version 1.0.19_T53 suffers from directory traversal, privilege escalation, and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/174553/TECHView-LA5570-Wireless-Gateway-1.0.19_T53-Traversal-Privilege-Escalation.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-34724 – TECHView LA5570 Wireless Gateway 1.0.19_T53 Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-34724
28 Aug 2023 — TECHView LA5570 Wireless Gateway version 1.0.19_T53 suffers from directory traversal, privilege escalation, and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/174553/TECHView-LA5570-Wireless-Gateway-1.0.19_T53-Traversal-Privilege-Escalation.html • CWE-863: Incorrect Authorization •
CVE-2023-34723 – Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-34723
25 Aug 2023 — TECHView LA5570 Wireless Gateway version 1.0.19_T53 suffers from directory traversal, privilege escalation, and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/174553/TECHView-LA5570-Wireless-Gateway-1.0.19_T53-Traversal-Privilege-Escalation.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-32079 – Netmaker Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32079
24 Aug 2023 — A mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. • https://github.com/gravitl/netmaker/security/advisories/GHSA-826j-8wp2-4x6q • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVE-2023-40516 – LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-40516
24 Aug 2023 — LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code i... • https://www.zerodayinitiative.com/advisories/ZDI-23-1218 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-3899 – Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
https://notcve.org/view.php?id=CVE-2023-3899
23 Aug 2023 — A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. ... By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege ... • https://access.redhat.com/errata/RHSA-2023:4701 • CWE-285: Improper Authorization • CWE-863: Incorrect Authorization •
CVE-2022-48522 – Ubuntu Security Notice USN-6517-1
https://notcve.org/view.php?id=CVE-2022-48522
22 Aug 2023 — In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. • https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345 • CWE-787: Out-of-bounds Write •