CVE-2023-44209
https://notcve.org/view.php?id=CVE-2023-44209
04 Oct 2023 — Local privilege escalation due to improper soft link handling. • https://security-advisory.acronis.com/advisories/SEC-2119 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-42824 – Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42824
04 Oct 2023 — Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. • https://support.apple.com/en-us/HT213972 •
CVE-2023-2809 – Use of Cleartext credentials in Sage 200 Spain
https://notcve.org/view.php?id=CVE-2023-2809
04 Oct 2023 — This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. • https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2023-44410 – D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-44410
04 Oct 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... An attacker can leverage this vulnerabil... • https://www.zerodayinitiative.com/advisories/ZDI-23-1508 • CWE-285: Improper Authorization •
CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4911
03 Oct 2023 — A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. • https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-44218
https://notcve.org/view.php?id=CVE-2023-44218
03 Oct 2023 — A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014 • CWE-267: Privilege Defined With Unsafe Actions •
CVE-2023-44217
https://notcve.org/view.php?id=CVE-2023-44217
03 Oct 2023 — A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. • https://github.com/advisories/GHSA-jw5c-8746-98g5 • CWE-269: Improper Privilege Management •
CVE-2023-5345 – Use-after-free in Linux kernel's fs/smb/client component
https://notcve.org/view.php?id=CVE-2023-5345
03 Oct 2023 — A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html • CWE-416: Use After Free •
CVE-2023-43976
https://notcve.org/view.php?id=CVE-2023-43976
03 Oct 2023 — An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and win the race condition (TOCTOU) via the PrivilegedHelperTool component. • https://www.catonetworks.com • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-4956 – Caphyon Advanced Installer WinSxS DLL uncontrolled search path
https://notcve.org/view.php?id=CVE-2022-4956
30 Sep 2023 — A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability • CWE-427: Uncontrolled Search Path Element •