CVE-2023-28142 – Race Condition
https://notcve.org/view.php?id=CVE-2023-28142
18 Apr 2023 — This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. • https://www.qualys.com/security-advisories • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-1326 – local privilege escalation in apport-cli
https://notcve.org/view.php?id=CVE-2023-1326
13 Apr 2023 — A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. ... Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation vulnerability in apport-cli when viewing crash reports and unprivileged users are allowed to ru... • https://github.com/diego-tella/CVE-2023-1326-PoC • CWE-269: Improper Privilege Management •
CVE-2023-26918 – File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control
https://notcve.org/view.php?id=CVE-2023-26918
13 Apr 2023 — Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. ... File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate privileges. • http://packetstormsecurity.com/files/171879/File-Replication-Pro-7.5.0-Insecure-Permissions-Privilege-Escalation.html • CWE-276: Incorrect Default Permissions •
CVE-2023-2007 – Linux Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-2007
13 Apr 2023 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. ... • https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-667: Improper Locking •
CVE-2023-2008 – Linux Kernel udmabuf Improper Validation of Array Index Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2008
13 Apr 2023 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. ... This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to escalate privileges o... • https://github.com/bluefrostsecurity/CVE-2023-2008 • CWE-129: Improper Validation of Array Index •
CVE-2023-2006 – Linux Kernel RxRPC Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2006
13 Apr 2023 — This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=2189112 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-1872 – Use-after-free in Linux kernel's io_uring subsystem
https://notcve.org/view.php?id=CVE-2023-1872
12 Apr 2023 — A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. ... A local attacker could possibly use this to gain elevated privileges. ... A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html • CWE-416: Use After Free •
CVE-2023-1829 – Use-after-free in tcindex (traffic control index filter) in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-1829
12 Apr 2023 — A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. ... This flaw allows a local attacker to cause a use-after-free problem, leading to privilege escalation. This vulnerability allows local attackers to... • https://github.com/lanleft/CVE-2023-1829 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2023-26396 – Adobe Acrobat Reader DC for macOS installer (AcroRdrDC_2200220191_MUI.pkg) contains a local privilege escalation vulnerability.
https://notcve.org/view.php?id=CVE-2023-26396
12 Apr 2023 — Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-24.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVE-2023-29539 – Microsoft Windows UMPDDrvEnablePDEV Improper Input Validation Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-29539
12 Apr 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784348 • CWE-159: Improper Handling of Invalid Use of Special Elements CWE-476: NULL Pointer Dereference •