CVE-2023-38721 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-38721
14 Aug 2023 — The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262173 • CWE-269: Improper Privilege Management •
CVE-2023-3160 – Local privilege escalation in security products for Windows
https://notcve.org/view.php?id=CVE-2023-3160
14 Aug 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/en/ca8466 • CWE-269: Improper Privilege Management •
CVE-2020-23595
https://notcve.org/view.php?id=CVE-2020-23595
11 Aug 2023 — Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint. • https://github.com/yzmcms/yzmcms/issues/47 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-36082
https://notcve.org/view.php?id=CVE-2020-36082
11 Aug 2023 — File Upload vulnerability in bloofoxCMS version 0.5.2.1 allows remote attackers to execute arbitrary code and escalate privileges via a crafted webshell file sent to the upload module. • https://github.com/alexlang24/bloofoxCMS/issues/7 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-28411
https://notcve.org/view.php?id=CVE-2021-28411
11 Aug 2023 — An issue in the getRememberedSerializedIdentity function in the CookieRememberMeManager class in lerry903 RuoYi version 3.4.0 allows remote attackers to escalate privileges. • https://github.com/lerry903/RuoYi/issues/20 • CWE-269: Improper Privilege Management •
CVE-2021-29378
https://notcve.org/view.php?id=CVE-2021-29378
11 Aug 2023 — SQL Injection in pear-admin-think version 2.1.2 allows attackers to execute arbitrary code and escalate privileges via a crafted GET request to Crud.php. • https://gitee.com/pear-admin/Pear-Admin-Think/issues/I3DIEC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-36900 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36900
08 Aug 2023 — Windows Common Log File System Driver Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://github.com/RomanRybachek/CVE-2023-36900 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-35359 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35359
08 Aug 2023 — Windows Kernel Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a high-privileged service account. • http://packetstormsecurity.com/files/174528/Microsoft-Windows-Privilege-Escalation.html • CWE-23: Relative Path Traversal •
CVE-2023-27411
https://notcve.org/view.php?id=CVE-2023-27411
08 Aug 2023 — This could allow an authenticated remote attacker to execute arbitrary SQL queries on the server database and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-39520 – Cryptomator vulnerable to Local Elevation of Privileges
https://notcve.org/view.php?id=CVE-2023-39520
07 Aug 2023 — The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. • https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b • CWE-269: Improper Privilege Management •