CVE-2023-35183 – SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-35183
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35183 • CWE-276: Incorrect Default Permissions •
CVE-2023-27792
https://notcve.org/view.php?id=CVE-2023-27792
An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via a lack of permissions applied to subdirectories. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-862: Missing Authorization •
CVE-2023-35181 – SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-35181
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35181 • CWE-276: Incorrect Default Permissions •
CVE-2023-43800 – Insufficient Verification of Data Authenticity in Arduino Create Agent
https://notcve.org/view.php?id=CVE-2023-43800
A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. • https://github.com/arduino/arduino-create-agent/releases/tag/1.3.3 https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-4x5q-q7wc-q22p https://www.nozominetworks.com/blog/security-flaws-affect-a-component-of-the-arduino-create-cloud-ide • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2023-43802 – Path traversal in Arduino Create Agent
https://notcve.org/view.php?id=CVE-2023-43802
A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate their privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. • https://github.com/arduino/arduino-create-agent/releases/tag/1.3.3 https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-75j7-w798-cwwx https://www.nozominetworks.com/blog/security-flaws-affect-a-component-of-the-arduino-create-cloud-ide • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •