CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46584
https://notcve.org/view.php?id=CVE-2023-46584
25 Oct 2023 — SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. • https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46584.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-43506 – Local Privilege Escalation in ClearPass OnGuard Linux Agent
https://notcve.org/view.php?id=CVE-2023-43506
24 Oct 2023 — A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. Una vulnerabilidad en el agente de Linux ClearPass OnGuard podría permitir a usuarios malintencionados elevar sus privilegios de usuario a aquellos de una función superior. Un exploit exitoso permite a usuarios malintencionados eje... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45990
https://notcve.org/view.php?id=CVE-2023-45990
24 Oct 2023 — Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. • https://github.com/PwnCYN/Wenwenai/issues/2 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28797 – LPE using arbitrary file delete with Symlinks
https://notcve.org/view.php?id=CVE-2023-28797
23 Oct 2023 — Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user. Zscaler Client Connector para Windows anterior a 4.1 escribe/elimina un archivo de configuración dentro de carpetas específicas en el disco. Un usuario malintencionado puede reemplazar la carpeta y ejecutar código como usuario privilegiado. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46054
https://notcve.org/view.php?id=CVE-2023-46054
21 Oct 2023 — Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. • https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46055
https://notcve.org/view.php?id=CVE-2023-46055
21 Oct 2023 — An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. • https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34045 – VMware Fusion installer local privilege escalation
https://notcve.org/view.php?id=CVE-2023-34045
20 Oct 2023 — VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upg... • https://www.vmware.com/security/advisories/VMSA-2023-0022.html •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34046 – VMware Fusion TOCTOU local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-34046
20 Oct 2023 — A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. ... A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27791
https://notcve.org/view.php?id=CVE-2023-27791
19 Oct 2023 — An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27792
https://notcve.org/view.php?id=CVE-2023-27792
19 Oct 2023 — An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-862: Missing Authorization •