CVE-2023-40516 – LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-40516
24 Aug 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1218 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-3899 – Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
https://notcve.org/view.php?id=CVE-2023-3899
23 Aug 2023 — A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. ... This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. • https://access.redhat.com/errata/RHSA-2023:4701 • CWE-285: Improper Authorization • CWE-863: Incorrect Authorization •
CVE-2022-48522
https://notcve.org/view.php?id=CVE-2022-48522
22 Aug 2023 — In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. • https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345 • CWE-787: Out-of-bounds Write •
CVE-2023-40352 – McAfee Safe Connect VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-40352
21 Aug 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Safe Connect VPN. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html • CWE-427: Uncontrolled Search Path Element •
CVE-2020-28715
https://notcve.org/view.php?id=CVE-2020-28715
21 Aug 2023 — An issue was discovered in the kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S that allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). • http://leeco.com •
CVE-2023-27362 – 3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27362
21 Aug 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.3cx.com/blog/releases/v18-u8 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-38899
https://notcve.org/view.php?id=CVE-2023-38899
21 Aug 2023 — SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. • http://o.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-37250
https://notcve.org/view.php?id=CVE-2023-37250
20 Aug 2023 — Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. • https://github.com/ewilded/CVE-2023-37250-POC • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-2737 – Improper securing of log directory may allow a denial of service
https://notcve.org/view.php?id=CVE-2023-2737
16 Aug 2023 — Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allow an authenticated attacker to cause a denial of service via local privilege escalation. • https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=08f460ba47bba550c0e42e61e36d432f&sysparm_article=KB0027485 • CWE-276: Incorrect Default Permissions •
CVE-2023-38401 – Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
https://notcve.org/view.php?id=CVE-2023-38401
15 Aug 2023 — A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt •