CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-3389 – Use after free in io_uring in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-3389
28 Jun 2023 — A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. ... A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-3090 – Out-of-bounds write in Linux kernel's ipvlan network driver
https://notcve.org/view.php?id=CVE-2023-3090
28 Jun 2023 — A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. ... This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2005 – Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2005
26 Jun 2023 — This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2023-21 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-36345
https://notcve.org/view.php?id=CVE-2023-36345
23 Jun 2023 — A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. • https://youtu.be/KxjsEqNWU9E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3256 – Advantech R-SeeNet External Control of File Name or Path
https://notcve.org/view.php?id=CVE-2023-3256
22 Jun 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45287
https://notcve.org/view.php?id=CVE-2022-45287
21 Jun 2023 — An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. • http://cwx.com •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21252
https://notcve.org/view.php?id=CVE-2020-21252
20 Jun 2023 — Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. • https://github.com/Neeke/HongCMS/issues/13 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2847 – Local privilege escalation in ESET products for Linux and MacOS
https://notcve.org/view.php?id=CVE-2023-2847
15 Jun 2023 — During internal security analysis, a local privilege escalation vulnerability has been identified. • https://support.eset.com/en/ca8447 • CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4149 – Local privilege escalation using log file
https://notcve.org/view.php?id=CVE-2022-4149
15 Jun 2023 — The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder ... • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2270 – Local privilege escalation
https://notcve.org/view.php?id=CVE-2023-2270
15 Jun 2023 — The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code w... • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •