CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30765 – Delta Electronics InfraSuite Device Master Improper Access Control
https://notcve.org/view.php?id=CVE-2023-30765
10 Jul 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/0xfml/CVE-2023-30765 • CWE-284: Improper Access Control •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32000
https://notcve.org/view.php?id=CVE-2023-32000
07 Jul 2023 — A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. • https://community.ui.com/releases/Security-Advisory-Bulletin-034-034/53cfcb84-b42b-4f8f-afbf-07c0ca7cabe2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 66EXPL: 0CVE-2023-29381
https://notcve.org/view.php?id=CVE-2023-29381
06 Jul 2023 — An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. • https://wiki.zimbra.com/wiki/Security_Center • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24256
https://notcve.org/view.php?id=CVE-2023-24256
06 Jul 2023 — An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. • https://github.com/hhj4ck/JailBreakEC6/blob/main/BugReport.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 3CVE-2023-35001 – Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-35001
05 Jul 2023 — A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://github.com/synacktiv/CVE-2023-35001 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-31248 – Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-31248
05 Jul 2023 — Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace Vulnerabilidad de Escalada de Privilegios Locales de Use-After-Free de Linux nftables; 'nft_chain_lookup_byid()' no pudo comprobar si una cadena estaba activa y CAP_NET_ADMIN está en cualquier espacio de nombres de usuario o red A use-after-free flaw was found in the Linux kernel's Netfilter module in ... • http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36623
https://notcve.org/view.php?id=CVE-2023-36623
05 Jul 2023 — This allows a local user to calculate the root password and escalate privileges. • https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-013.txt • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36624
https://notcve.org/view.php?id=CVE-2023-36624
05 Jul 2023 — Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. • https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-004.txt • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-28323 – Ivanti Endpoint Manager ProcessEPMAuthToken Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-28323
30 Jun 2023 — This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines. • https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-28323 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33298
https://notcve.org/view.php?id=CVE-2023-33298
30 Jun 2023 — com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. • https://support.perimeter81.com/docs/macos-agent-release-notes • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •