CVE-2021-28235 – etcd: Information disclosure via debug function
https://notcve.org/view.php?id=CVE-2021-28235
04 Apr 2023 — Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. ... This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd. • http://etcd.com • CWE-287: Improper Authentication •
CVE-2023-26858
https://notcve.org/view.php?id=CVE-2023-26858
31 Mar 2023 — SQL injection vulnerability found in PrestaShop faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. • https://addons.prestashop.com/en/faq-frequently-asked-questions/16036-frequently-asked-questions-faq-page.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-47191 – Privilege Escalation via file upload vulnerability at Generex CS141
https://notcve.org/view.php?id=CVE-2022-47191
31 Mar 2023 — Generex UPS CS141 versions below 2.06 could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing the attacker to escalate privileges. • https://www.generex.de/support/changelogs/cs141/2-12 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-1393 – X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1393
30 Mar 2023 — A Use-After-Free may lead to local privilege escalation. ... The Overlay Window use-after-free issue can lead to a local privilege escalation vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Issues addressed include pr... • https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110 • CWE-416: Use After Free •
CVE-2023-25809 – rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
https://notcve.org/view.php?id=CVE-2023-25809
29 Mar 2023 — This flaw allows a local authenticated attacker to cause a denial of service. ... An attacker could possibly use this issue to escalate privileges. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. • https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17 • CWE-276: Incorrect Default Permissions CWE-281: Improper Preservation of Permissions •
CVE-2023-28642 – AppArmor bypass with symlinked /proc in runc
https://notcve.org/view.php?id=CVE-2023-28642
29 Mar 2023 — An attacker could possibly use this issue to escalate privileges. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. • https://github.com/opencontainers/runc/pull/3785 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-281: Improper Preservation of Permissions CWE-305: Authentication Bypass by Primary Weakness •
CVE-2023-28892
https://notcve.org/view.php?id=CVE-2023-28892
29 Mar 2023 — Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. • https://forums.malwarebytes.com/topic/307429-release-adwcleaner-841 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-41526 – MindManager Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-41526
29 Mar 2023 — This vulnerability may allow privilege escalation when ‘repair’ is invoked on an MSI which has an InstallScript custom action. MindManager suffers from a local privilege escalation vulnerability via MSI installer Repair Mode. • https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message •
CVE-2023-1516
https://notcve.org/view.php?id=CVE-2023-1516
28 Mar 2023 — RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution. • https://robodk.com/contact • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-3685 – SDM600 software privilege level
https://notcve.org/view.php?id=CVE-2022-3685
28 Mar 2023 — The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges. This issue affects: All SDM600 versions prior to version 1.3.0. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-285: Improper Authorization •