
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jan 2024 — A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs, which could allow them to escalate privileges. • https://github.com/cubefs/cubefs/commit/972f0275ee8d5dbba4b1530da7c145c269b31ef5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

03 Jan 2024 — There is a local privilege escalation vulnerability in ZTE's ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process to escalate local privileges. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-269: Improper Privilege Management • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jan 2024 — An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of a permissions control framework. • http://springblade.com • CWE-862: Missing Authorization •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Dec 2023 — A SQL injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. • https://pho3n1x-web.github.io/2023/09/15/CVE-2023-41542%28JeecgBoot_sql%29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

30 Dec 2023 — A SQL injection vulnerability in jeecg-boot v3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. • https://mp.weixin.qq.com/s/q6R-kaN4XS5d_cgWtq46vw • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.0 • EPSS: 0% • CPEs: 12 • EXPL: 0

25 Dec 2023 — This issue can allow an attacker to possibly gain unauthorized access, escalate privileges, or cause the system to crash. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Dec 2023 — Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. • https://www.dell.com/support/kbdoc/en-us/000220677/dsa-2023-468-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability • CWE-426: Untrusted Search Path •

CVSS: 8.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

21 Dec 2023 — An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • http://www.openwall.com/lists/oss-security/2024/04/10/18 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-416: Use After Free •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Dec 2023 — An issue discovered in nos client version 0.6.6 allows remote attackers to escalate privileges via getRPCEndpoint.js. • https://github.com/nos/client/issues/1485 •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Dec 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •