
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-276: Incorrect Default Permissions

CVSS: 9.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 Jun 2023 — This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2023-21 • CWE-427: Uncontrolled Search Path Element

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

23 Jun 2023 — A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. • https://youtu.be/KxjsEqNWU9E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Jun 2023 — Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02 • CWE-73: External Control of File Name or Path • CWE-610: Externally Controlled Reference to a Resource in Another Sphere

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Jun 2023 — An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. • http://cwx.com

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Jun 2023 — Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. • https://github.com/Neeke/HongCMS/issues/13 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

15 Jun 2023 — During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. • https://support.eset.com/en/ca8447 • CWE-269: Improper Privilege Management

CVSS: 7.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Jun 2023 — Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Jun 2023 — This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine. • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Jun 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2023-06-01 • CWE-862: Missing Authorization