CVE-2023-4207 – Use-after-free in Linux kernel's net/sched: cls_fw component
https://notcve.org/view.php?id=CVE-2023-4207
06 Sep 2023 — A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec • CWE-416: Use After Free •
CVE-2023-4206 – Use-after-free in Linux kernel's net/sched: cls_route component
https://notcve.org/view.php?id=CVE-2023-4206
06 Sep 2023 — A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. • https://github.com/hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208 • CWE-416: Use After Free •
CVE-2023-32428
https://notcve.org/view.php?id=CVE-2023-32428
06 Sep 2023 — This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges. • https://github.com/gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging •
CVE-2023-4487 – GE Digital CIMPLICITY Process Control
https://notcve.org/view.php?id=CVE-2023-4487
05 Sep 2023 — GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. • https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability • CWE-114: Process Control •
CVE-2023-39365 – Unchecked regular expressions can lead to SQL Injection and data leakage in Cacti
https://notcve.org/view.php?id=CVE-2023-39365
05 Sep 2023 — This vulnerability allows remote attackers to bypass authentication or escalate privileges on affected installations of Cacti. • https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-2202
https://notcve.org/view.php?id=CVE-2015-2202
05 Sep 2023 — Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-20: Improper Input Validation •
CVE-2020-35593
https://notcve.org/view.php?id=CVE-2020-35593
05 Sep 2023 — BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. • http://web.archive.org/web/20210106175128/https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593 • CWE-269: Improper Privilege Management •
CVE-2023-36100
https://notcve.org/view.php?id=CVE-2023-36100
01 Sep 2023 — An issue discovered in IceCMS version 2.0.1 allows attackers to escalate privileges and gain sensitive information via the UserID parameter in api/User/ChangeUser. • https://github.com/Thecosy/IceCMS/issues/15 • CWE-269: Improper Privilege Management •
CVE-2023-36326
https://notcve.org/view.php?id=CVE-2023-36326
01 Sep 2023 — An integer overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling the realloc function in the bn_grow function. • https://github.com/relic-toolkit/relic/commit/34580d840469361ba9b5f001361cad659687b9ab • CWE-190: Integer Overflow or Wraparound •
CVE-2023-24674
https://notcve.org/view.php?id=CVE-2023-24674
01 Sep 2023 — A permissions vulnerability in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. • https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107 • CWE-862: Missing Authorization •