CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33472
https://notcve.org/view.php?id=CVE-2023-33472
13 Jan 2024 — An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function. • https://hev0x.github.io/posts/scadalts-cve-2023-33472 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42463 – wazuh-logcollector integer underflow local privilege escalation
https://notcve.org/view.php?id=CVE-2023-42463
12 Jan 2024 — This bug introduced a stack overflow hazard that could allow a local privilege escalation. ... This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0CVE-2023-6740 – Privilege escalation in jar_signature
https://notcve.org/view.php?id=CVE-2023-6740
12 Jan 2024 — Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente jar_signature en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16163 • CWE-269: Improper Privilege Management CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0CVE-2023-6735 – Privilege escalation in mk_tsm
https://notcve.org/view.php?id=CVE-2023-6735
12 Jan 2024 — Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente mk_tsm en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16273 • CWE-20: Improper Input Validation CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') CWE-269: Improper Privilege Management •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38267 – IBM Security Access Manager Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-38267
11 Jan 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260584 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31001 – IBM Security Access Manager Container information disclosure
https://notcve.org/view.php?id=CVE-2023-31001
11 Jan 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254653 • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46474
https://notcve.org/view.php?id=CVE-2023-46474
11 Jan 2024 — File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. • https://github.com/Xn2/CVE-2023-46474 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 0CVE-2023-52330 – Trend Micro Apex Central Cross-Site Scripting Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52330
11 Jan 2024 — This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29445 – Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
https://notcve.org/view.php?id=CVE-2023-29445
10 Jan 2024 — An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29444 – Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
https://notcve.org/view.php?id=CVE-2023-29444
10 Jan 2024 — An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 • CWE-427: Uncontrolled Search Path Element •