CVE-2023-21987 – Oracle VirtualBox TPM MMIO Handling Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-21987
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuapr2023.html • CWE-269: Improper Privilege Management
CVE-2023-22294 – Privilege escalation in Checkmk Appliance
https://notcve.org/view.php?id=CVE-2023-22294
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. • https://checkmk.com/werk/9520 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2023-28143 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-28143
The installer for Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) allows a local escalation of privilege, limited to the time of installation and only on older macOS versions (macOS 10.15 and older). Attackers may exploit incorrect file permissions to gain root command execution privileges on the host. • https://qualys.com/security-advisories • CWE-426: Untrusted Search Path
CVE-2023-29018 – OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-29018
Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. • https://github.com/open-feature/open-feature-operator/releases/tag/v0.2.32 https://github.com/open-feature/open-feature-operator/security/advisories/GHSA-cwf6-xj49-wp83 • CWE-269: Improper Privilege Management
CVE-2023-1326 – local privilege escalation in apport-cli
https://notcve.org/view.php?id=CVE-2023-1326
If a system is specially configured to allow unprivileged users to run `sudo apport-cli`, `less` is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. • https://github.com/diego-tella/CVE-2023-1326-PoC https://github.com/cve-2024/CVE-2023-1326-PoC https://github.com/Pol-Ruiz/CVE-2023-1326 https://github.com/N3rdyN3xus/CVE-2023-1326 https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb https://ubuntu.com/security/notices/USN-6018-1 • CWE-269: Improper Privilege Management