
CVSS: 7.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry.
References: https://github.com/getsentry/sentry-python/pull/1842 https://github.com/getsentry/sentry-python/releases/tag/1.14.0 https://github.com/getsentry/sentry-python/security/advisories/GHSA-29pr-6jr8-q5jm
CWE-201: Insertion of Sensitive Information Into Sent Data; CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 8.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
References: https://helpx.adobe.com/security/products/creative-cloud/apsb23-21.html
CWE-426: Untrusted Search Path

CVSS: 7.8 | EPSS: 0% | CPEs: 7 | EXPL: 10

This uid mapping bug allows a local user to escalate their privileges on the system.
References: https://github.com/sxlmnwb/CVE-2023-0386 https://github.com/xkaneiki/CVE-2023-0386 https://github.com/chenaotian/CVE-2023-0386 https://github.com/Fanxiaoyao66/CVE-2023-0386 https://github.com/veritas501/CVE-2023-0386 https://github.com/3yujw7njai/CVE-2023-0386 https://github.com/puckiestyle/CVE-2023-0386 https://github.com/churamanib/CVE-2023-0386 https://github.com/letsr00t/CVE-2023-0386 https://github.com/EstamelGG/CVE-2023-0386-libs http://packetstormsecurity.com/fi
CWE-282: Improper Ownership Management

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

This flaw allows a local user to crash or potentially escalate their privileges on the system.
References: https://lore.kernel.org/lkml/20211115165433.449951285%40linuxfoundation.org https://security.netapp.com/advisory/ntap-20230505-0005 https://access.redhat.com/security/cve/CVE-2023-1252 https://bugzilla.redhat.com/show_bug.cgi?id=2176140
CWE-416: Use After Free

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bit devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device.
References: https://github.com/cloudflare/cloudflared/releases https://github.com/cloudflare/cloudflared/security/advisories/GHSA-7mjv-x3jf-545x
CWE-59: Improper Link Resolution Before File Access ('Link Following')