CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-23947 – Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets
https://notcve.org/view.php?id=CVE-2023-23947
The attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters). ... The attacker must know the URL for the targeted cluster and additionally it should be authenticated within the ArgoCD API server with enough privileges to update at least one cluster. • https://github.com/argoproj/argo-cd/commit/fbb0b99b1ac3361b253052bd30259fa43a520945 https://github.com/argoproj/argo-cd/security/advisories/GHSA-3jfq-742w-xg8j https://access.redhat.com/security/cve/CVE-2023-23947 https://bugzilla.redhat.com/show_bug.cgi?id=2167819 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-21822 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-21822
Windows Graphics Component Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21822 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-35868
https://notcve.org/view.php?id=CVE-2022-35868
Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. ... Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. • https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf https://cert-portal.siemens.com/productcert/html/ssa-640968.html • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31808
https://notcve.org/view.php?id=CVE-2022-31808
Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45455
https://notcve.org/view.php?id=CVE-2022-45455
Local privilege escalation due to incomplete uninstallation cleanup. • https://security-advisory.acronis.com/advisories/SEC-4459 • CWE-459: Incomplete Cleanup •