CVE-2021-37942 – APM Java Agent Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. ... Se encontró un problema de escalada de privilegios local con APM Java Agent, donde un usuario del sistema podía adjuntar un complemento malicioso a una aplicación que ejecutaba APM Java Agent. • https://discuss.elastic.co/t/apm-java-agent-security-update/291355 https://www.elastic.co/community/security • CWE-269: Improper Privilege Management •
CVE-2023-5299 – Fuji Electric Tellus Lite V-Simulator Improper Access Control
https://notcve.org/view.php?id=CVE-2023-5299
This vulnerability allows local attackers to escalate privileges on affected installations of Fuji Electric Tellus Lite. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of any user of the software. • https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 • CWE-284: Improper Access Control •
CVE-2023-47350
https://notcve.org/view.php?id=CVE-2023-47350
Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality. • https://github.com/SwiftyEdit/SwiftyEdit/commit/90a6f3df16cd1578b2827d7b2e073451f7ce4e47 https://mechaneus.github.io/CVE-2023-47350.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5593
https://notcve.org/view.php?id=CVE-2023-5593
The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message. La vulnerabilidad de escritura fuera de los límites en la versión 4.0.4.0 del software SecuExtender SSL VPN Client basado en Windows podría permitir que un usuario local autenticado obtenga una escalada de privilegios enviando un mensaje CREATE manipulado. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-out-of-bounds-write-vulnerability-in-secuextender-ssl-vpn-client-software • CWE-787: Out-of-bounds Write •
CVE-2023-47172
https://notcve.org/view.php?id=CVE-2023-47172
Certain WithSecure products allow Local Privilege Escalation. • https://www.withsecure.com/en/support/security-advisories/cve-2023-47172 •