CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-23410 – Windows HTTP.sys Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-23410
Windows HTTP.sys Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23410 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-25590 – Local Privilege Escalation in ClearPass OnGuard Linux Agent
https://notcve.org/view.php?id=CVE-2023-25590
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1299 – Nomad Job Submitter Privilege Escalation Using Workload Identity
https://notcve.org/view.php?id=CVE-2023-1299
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. • https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25279
https://notcve.org/view.php?id=CVE-2023-25279
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20In%20tools_AccountName https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27010 – Wondershare Dr Fone 12.9.6 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-27010
This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. • https://www.exploit-db.com/exploits/51324 https://cwe.mitre.org/data/definitions/250.html https://packetstormsecurity.com/files/171301/Wondershare-Dr-Fone-12.9.6-Weak-Permissions-Privilege-Escalation.html •