CVE-2023-4487 – GE Digital CIMPLICITY Process Control
https://notcve.org/view.php?id=CVE-2023-4487
GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. • https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02 • CWE-114: Process Control •
CVE-2023-39365 – Unchecked regular expressions can lead to SQL Injection and data leakage in Cacti
https://notcve.org/view.php?id=CVE-2023-39365
This vulnerability allows remote attackers to bypass authentication or escalate privileges on affected installations of Cacti. • https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22 https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN https://www.debian.org/security • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-35593
https://notcve.org/view.php?id=CVE-2020-35593
BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. • http://web.archive.org/web/20210106175128/https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593 https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593 https://webapps.bmc.com/support/faces/az/prodallversions.jsp? • CWE-269: Improper Privilege Management •
CVE-2015-2202
https://notcve.org/view.php?id=CVE-2015-2202
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-20: Improper Input Validation •
CVE-2023-32811
https://notcve.org/view.php?id=CVE-2023-32811
This could lead to local escalation of privilege with System execution privileges needed. ... • https://corp.mediatek.com/product-security-bulletin/September-2023 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •