CVE-2023-42126 – G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42126
29 Sep 2023 — G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1493 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-39191 – Kernel: ebpf: insufficient stack type checks in dynptr
https://notcve.org/view.php?id=CVE-2023-39191
29 Sep 2023 — This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. ... This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-20: Improper Input Validation •
CVE-2023-39194 – Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()
https://notcve.org/view.php?id=CVE-2023-39194
29 Sep 2023 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-125: Out-of-bounds Read •
CVE-2023-40375 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40375
28 Sep 2023 — Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263580 • CWE-269: Improper Privilege Management •
CVE-2023-41444
https://notcve.org/view.php?id=CVE-2023-41444
28 Sep 2023 — An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. • https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-44157
https://notcve.org/view.php?id=CVE-2023-44157
27 Sep 2023 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-3956 • CWE-276: Incorrect Default Permissions •
CVE-2023-42122 – Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42122
27 Sep 2023 — Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-23-1479 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-42124 – Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42124
27 Sep 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. ... An attac... • https://www.zerodayinitiative.com/advisories/ZDI-23-1474 • CWE-863: Incorrect Authorization •
CVE-2023-42125 – Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42125
27 Sep 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. ... An attac... • https://www.zerodayinitiative.com/advisories/ZDI-23-1475 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVE-2023-43320 – Proxmox VE 7.4-1 TOTP Brute Force
https://notcve.org/view.php?id=CVE-2023-43320
27 Sep 2023 — An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. • http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html •