CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4015 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-4015
A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a771f7b266b02d262900c75f1e175c7fe76fec2 https://kernel.dance/0a771f7b266b02d262900c75f1e175c7fe76fec2 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-4015 https://bugzilla.redhat.com/show_bug.cgi?id=2237752 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3676 – Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-3676
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. ... This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes. • https://github.com/kubernetes/kubernetes/issues/119339 https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc https://security.netapp.com/advisory/ntap-20231130-0007 https://access.redhat.com/security/cve/CVE-2023-3676 https://bugzilla.redhat.com/show_bug.cgi?id=2227126 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3955 – Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-3955
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. ... This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes. • https://github.com/kubernetes/kubernetes/issues/119595 https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E https://security.netapp.com/advisory/ntap-20231221-0002 https://access.redhat.com/security/cve/CVE-2023-3955 https://bugzilla.redhat.com/show_bug.cgi?id=2227128 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 9.9EPSS: 92%CPEs: 36EXPL: 0CVE-2023-41265 – Qlik Sense HTTP Tunneling Vulnerability
https://notcve.org/view.php?id=CVE-2023-41265
Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. • https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24165
https://notcve.org/view.php?id=CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). • https://bugs.launchpad.net/qemu/+bug/1863025 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://pastebin.com/iqCbjdT8 https://security.netapp.com/advisory/ntap-20231006-0012 •