CVE-2023-6740 – Privilege escalation in jar_signature
https://notcve.org/view.php?id=CVE-2023-6740
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente jar_signature en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16163 • CWE-269: Improper Privilege Management CWE-427: Uncontrolled Search Path Element •
CVE-2023-6735 – Privilege escalation in mk_tsm
https://notcve.org/view.php?id=CVE-2023-6735
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente mk_tsm en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16273 • CWE-20: Improper Input Validation CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') CWE-269: Improper Privilege Management •
CVE-2023-38267 – IBM Security Access Manager Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-38267
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. ... IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) podría permitir que un usuario local obtenga información de configuración confidencial. ... IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260584 https://www.ibm.com/support/pages/node/7106586 • CWE-311: Missing Encryption of Sensitive Data •
CVE-2023-31001 – IBM Security Access Manager Container information disclosure
https://notcve.org/view.php?id=CVE-2023-31001
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. ... IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) almacena temporalmente información confidencial en archivos a los que un usuario local podría acceder. ... IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254653 https://www.ibm.com/support/pages/node/7106586 • CWE-257: Storing Passwords in a Recoverable Format •
CVE-2023-52330 – Trend Micro Apex Central Cross-Site Scripting Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52330
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •