CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-4206 – Use-after-free in Linux kernel's net/sched: cls_route component
https://notcve.org/view.php?id=CVE-2023-4206
A local user could use any of these flaws to crash the system or potentially escalate their privileges on the system. Similar CVE-2023-4128 was rejected as a duplicate. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-4206 https://bugzilla.redhat.com/show_bug.cgi?id=2225511 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4487 – GE Digital CIMPLICITY Process Control
https://notcve.org/view.php?id=CVE-2023-4487
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. • https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02 • CWE-114: Process Control •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-39365 – Unchecked regular expressions can lead to SQL Injection and data leakage in Cacti
https://notcve.org/view.php?id=CVE-2023-39365
This vulnerability allows remote attackers to bypass authentication or escalate privileges on affected installations of Cacti. • https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22 https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN https://www.debian.org/security&# • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35593
https://notcve.org/view.php?id=CVE-2020-35593
BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. • http://web.archive.org/web/20210106175128/https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593 https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593 https://webapps.bmc.com/support/faces/az/prodallversions.jsp? • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2202
https://notcve.org/view.php?id=CVE-2015-2202
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-20: Improper Input Validation •