CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5214 – CVE-2023-5214 - Privilege Escalation in Puppet Bolt
https://notcve.org/view.php?id=CVE-2023-5214
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. • https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 1CVE-2023-42755 – Kernel: rsvp: out-of-bounds read in rsvp_classify()
https://notcve.org/view.php?id=CVE-2023-42755
An attacker can leverage this in conjunction with other vulnerabilties to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-42755 https://bugzilla.redhat.com/show_bug.cgi?id=2239847 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://seclists.org/oss-sec/2023/q3/229 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32485
https://notcve.org/view.php?id=CVE-2023-32485
A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. • https://www.dell.com/support/kbdoc/en-us/000216587/dsa-2023-283-security-update-for-dell-smartfabric-storage-software-vulnerabilities • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26236
https://notcve.org/view.php?id=CVE-2023-26236
Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00004 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-44209
https://notcve.org/view.php?id=CVE-2023-44209
Local privilege escalation due to improper soft link handling. • https://security-advisory.acronis.com/advisories/SEC-2119 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •