CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31425 – Privilege escalation via the fosexec command
https://notcve.org/view.php?id=CVE-2023-31425
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. ... Una vulnerabilidad en el comando fosexec de Brocade Fabric OS después de Brocade Fabric OS v9.1.0 y, antes de Brocade Fabric OS v9.1.1 podría permitir a un usuario local autenticado realizar una escalada de privilegios a root rompiendo el shell rbash. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22407 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3670 – Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting
https://notcve.org/view.php?id=CVE-2023-3670
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. This vulnerability allows local attackers to escalate privileges on affected installations of CODESYS Development System. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the Administrator. • https://cert.vde.com/en/advisories/VDE-2023-024 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1CVE-2023-28130 – Checkpoint Gaia Portal R81.10 Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-28130
Local user may lead to privilege escalation using Gaia Portal hostnames page. • http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html http://seclists.org/fulldisclosure/2023/Aug/4 http://seclists.org/fulldisclosure/2023/Jul/43 https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal https://support.checkpoint.com/results/sk/sk181311 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 7CVE-2023-32629
https://notcve.org/view.php?id=CVE-2023-32629
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels La vulnerabilidad de escalada de privilegios locales en los kernels de Ubuntu que superpone ovl_copy_up_meta_inode_data omite comprobaciones de permisos al llamar a ovl_do_setxattr en kernels de Ubuntu • https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation https://github.com/xS9NTX/CVE-2023-32629-CVE-2023-2640-Ubuntu-Privilege-Escalation-POC https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629 https://github.com/kaotickj/Check-for-CVE-2023-32629-GameOver-lay https://github.com/Nkipohcs/CVE-2023-2640-CVE-2023-32629 https://github.com/musorblyat/CVE-2023-2640-CVE-2023-32629 http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN& • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 7CVE-2023-2640 – Canonical Ubuntu OverlayFS File System Missing Authorization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2640
This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation https://github.com/xS9NTX/CVE-2023-32629-CVE-2023-2640-Ubuntu-Privilege-Escalation-POC https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629 https://github.com/Nkipohcs/CVE-2023-2640-CVE-2023-32629 https://github.com/musorblyat/CVE-2023-2640-CVE-2023-32629 https://github.com/K5LK/CVE-2023-2640-32629 https://cve.mitre.org/cgi-bin/cvename.cgi? • CWE-863: Incorrect Authorization •