CVE-2023-5717 – Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component
https://notcve.org/view.php?id=CVE-2023-5717
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. ... This issue may lead to a system crash, code execution, or local privilege escalation. • https://github.com/uthrasri/CVE-2023-5717 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06 https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://access.redhat.com/security/cve/CVE-2023-5717 https://bugzilla.redhat.com/show_bug.cgi?id=2246945 • CWE-787: Out-of-bounds Write •
CVE-2023-44794
https://notcve.org/view.php?id=CVE-2023-44794
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. • https://github.com/dromara/Sa-Token/issues/515 • CWE-284: Improper Access Control •
CVE-2023-46584
https://notcve.org/view.php?id=CVE-2023-46584
SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. • https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46584.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-43506 – Local Privilege Escalation in ClearPass OnGuard Linux Agent
https://notcve.org/view.php?id=CVE-2023-43506
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt • CWE-269: Improper Privilege Management •
CVE-2023-45990
https://notcve.org/view.php?id=CVE-2023-45990
Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. • https://github.com/PwnCYN/Wenwenai/issues/2 • CWE-276: Incorrect Default Permissions •