![](/assets/img/cve_300x82_sin_bg.png)
CVE-2023-20963 – Android Framework Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-20963
24 Mar 2023 — This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-220302519. Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. • https://github.com/Ailenchick/CVE-2023-20963 • CWE-295: Improper Certificate Validation •
CVE-2023-27094
https://notcve.org/view.php?id=CVE-2023-27094
23 Mar 2023 — An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. • https://github.com/opengoofy/hippo4j/issues/1059 •
CVE-2023-1544 – Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
https://notcve.org/view.php?id=CVE-2023-1544
23 Mar 2023 — A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/security/cve/CVE-2023-1544 • CWE-125: Out-of-bounds Read CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-37705 – Ubuntu Security Notice USN-5966-2
https://notcve.org/view.php?id=CVE-2022-37705
23 Mar 2023 — A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. ... This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported), Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious ... • https://github.com/MaherAzzouzi/CVE-2022-37705 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2022-37704 – Ubuntu Security Notice USN-5966-2
https://notcve.org/view.php?id=CVE-2022-37704
23 Mar 2023 — Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local... • https://github.com/MaherAzzouzi/CVE-2022-37704 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-26358 – Adobe Creative Cloud AdobeExtensionService.exe local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-26358
22 Mar 2023 — Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the app... • https://helpx.adobe.com/security/products/creative-cloud/apsb23-21.html • CWE-426: Untrusted Search Path •
CVE-2023-1314 – Local Privilege Escalation Vulnerability in cloudflared's Installer
https://notcve.org/view.php?id=CVE-2023-1314
21 Mar 2023 — A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bit devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. ... An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. • https://github.com/cloudflare/cloudflared/releases • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-25069 – Trend Micro TXOne StellarOne Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25069
17 Mar 2023 — TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro TXOne StellarOne. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected... • https://success.trendmicro.com/solution/000292486 •
CVE-2023-25280 – D-Link DIR-820 Router OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-25280
16 Mar 2023 — OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20in%20pingV4Msg • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-24760
https://notcve.org/view.php?id=CVE-2023-24760
16 Mar 2023 — An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController. • https://gitee.com/oufu/ofcms/issues/I6BD2Q • CWE-269: Improper Privilege Management •