CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46868
https://notcve.org/view.php?id=CVE-2022-46868
Local privilege escalation during recovery due to improper soft link handling. • https://security-advisory.acronis.com/advisories/SEC-2499 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2022-45451
https://notcve.org/view.php?id=CVE-2022-45451
Local privilege escalation due to insecure driver communication port permissions. • https://github.com/alfarom256/CVE-2022-45451 https://security-advisory.acronis.com/SEC-5487 https://security-advisory.acronis.com/advisories/SEC-4858 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3777 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-3777
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. Una vulnerabilidad de Use-After-Free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. ... A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-3777 https://bugzilla.redhat.com/show_bug.cgi?id=223 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4015 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-4015
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used. We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2. ... A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a771f7b266b02d262900c75f1e175c7fe76fec2 https://kernel.dance/0a771f7b266b02d262900c75f1e175c7fe76fec2 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-4015 https://bugzilla.redhat.com/show_bug.cgi?id=2237752 • CWE-416: Use After Free •
CVSS: 9.9EPSS: 92%CPEs: 36EXPL: 0CVE-2023-41265 – Qlik Sense HTTP Tunneling Vulnerability
https://notcve.org/view.php?id=CVE-2023-41265
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. ... Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. • https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •