CVE-2023-3609 – Use-after-free in Linux kernel's net/sched: cls_u32 component
https://notcve.org/view.php?id=CVE-2023-3609
21 Jul 2023 — A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. ... This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat. ... A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-415: Double Free CWE-416: Use After Free •
CVE-2023-30799 – MikroTik RouterOS Administrator Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-30799
19 Jul 2023 — MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. • https://github.com/MarginResearch/FOISted • CWE-269: Improper Privilege Management •
CVE-2023-34394 – Keysight N6845A Relative Path Traversal
https://notcve.org/view.php?id=CVE-2023-34394
19 Jul 2023 — In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to improper path validation, which could result in local privilege escalation or a denial-of-service condition. This vulnerability allows local attackers to escalate privileges on affected installations of Keysight N6841A RF Sensor. ... An attacker can leverage this vulnerability to escal... • https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02 • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-36853 – Keysight Geolocation Server Exposed Dangerous Method or Function
https://notcve.org/view.php?id=CVE-2023-36853
19 Jul 2023 — In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. ... This vulnerability allows local attackers to escalate privileges on affected installations of Keysight N6841A RF Sensor. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02 • CWE-427: Uncontrolled Search Path Element CWE-749: Exposed Dangerous Method or Function •
CVE-2023-32155 – Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32155
18 Jul 2023 — Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. This vulnerability al... • https://www.zerodayinitiative.com/advisories/ZDI-23-971 • CWE-787: Out-of-bounds Write •
CVE-2023-30989 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-30989
16 Jul 2023 — IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254017 • CWE-269: Improper Privilege Management •
CVE-2023-30988 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-30988
16 Jul 2023 — The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254016 • CWE-269: Improper Privilege Management •
CVE-2023-35692
https://notcve.org/view.php?id=CVE-2023-35692
14 Jul 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2023-07-01 • CWE-273: Improper Check for Dropped Privileges •
CVE-2023-38100 – NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-38100
13 Jul 2023 — NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate pr... • https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-38102 – NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-38102
13 Jul 2023 — NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate