CVE-2023-3915 – Incorrect Execution-Assigned Permissions in GitLab
https://notcve.org/view.php?id=CVE-2023-3915
If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group.
• References: https://gitlab.com/gitlab-org/gitlab/-/issues/417664 https://hackerone.com/reports/2040834
• Weaknesses: CWE-279: Incorrect Execution-Assigned Permissions; CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2023-36100
https://notcve.org/view.php?id=CVE-2023-36100
An issue was discovered in IceCMS version 2.0.1 that allows attackers to escalate privileges and obtain sensitive information via the UserID parameter in api/User/ChangeUser.
• References: https://github.com/Thecosy/IceCMS/issues/15
• Weaknesses: CWE-269: Improper Privilege Management
CVE-2023-36326
https://notcve.org/view.php?id=CVE-2023-36326
Integer overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when the realloc function is called in the bn_grow function.
• References: https://github.com/relic-toolkit/relic/commit/34580d840469361ba9b5f001361cad659687b9ab https://groups.google.com/g/relic-discuss/c/A_J2-ArVIAo/m/qgFiXsUJBQAJ?utm_medium=email&utm_source=footer
• Weaknesses: CWE-190: Integer Overflow or Wraparound
CVE-2023-24674
https://notcve.org/view.php?id=CVE-2023-24674
A permissions vulnerability in Bludit CMS v4.0.0 allows local attackers to escalate privileges via the role:admin parameter.
• References: https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107 https://medium.com/%40cupc4k3/privilege-scalation-in-bludit-cms-dcf86c41107
• Weaknesses: CWE-862: Missing Authorization
CVE-2022-46869
https://notcve.org/view.php?id=CVE-2022-46869
Local privilege escalation during installation due to improper soft link handling.
• References: https://security-advisory.acronis.com/advisories/SEC-3835
• Weaknesses: CWE-59: Improper Link Resolution Before File Access ('Link Following'); CWE-269: Improper Privilege Management; CWE-610: Externally Controlled Reference to a Resource in Another Sphere