CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27362 – 3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27362
3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.3cx.com/blog/releases/v18-u8 https://www.zerodayinitiative.com/advisories/ZDI-23-1153 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38899
https://notcve.org/view.php?id=CVE-2023-38899
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. • http://o.com https://github.com/berkaygediz/O_Blog https://github.com/berkaygediz/O_Blog/issues https://github.com/berkaygediz/O_Blog/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28715
https://notcve.org/view.php?id=CVE-2020-28715
An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). • http://leeco.com https://www.cnvd.org.cn/flaw/show/2602948 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37250
https://notcve.org/view.php?id=CVE-2023-37250
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. • https://github.com/ewilded/CVE-2023-37250-POC https://support.parsec.app/hc/en-us/articles/18311425588237-CVE-2023-37250 https://unity3d.com https://www.kb.cert.org/vuls/id/287122 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40315 – ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN
https://notcve.org/view.php?id=CVE-2023-40315
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. • https://docs.opennms.com/meridian/2023/releasenotes/changelog.html#releasenotes-changelog-Meridian-2023.1.5 https://github.com/OpenNMS/opennms/pull/6250 - • CWE-863: Incorrect Authorization •