CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22294 – Privilege escalation in Checkmk Appliance
https://notcve.org/view.php?id=CVE-2023-22294
18 Apr 2023 — Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. • https://checkmk.com/werk/9520 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28143 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-28143
18 Apr 2023 — Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. During the install of the PKG, a step in the process involves extracting the package and copying files to several directories. Attackers may gain writable access to files during the install of P... • https://qualys.com/security-advisories • CWE-426: Untrusted Search Path •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28142 – Race Condition
https://notcve.org/view.php?id=CVE-2023-28142
18 Apr 2023 — This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. • https://www.qualys.com/security-advisories • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 5CVE-2023-1326 – local privilege escalation in apport-cli
https://notcve.org/view.php?id=CVE-2023-1326
13 Apr 2023 — A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. • https://github.com/diego-tella/CVE-2023-1326-PoC • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-2007 – Linux Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-2007
13 Apr 2023 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-667: Improper Locking •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 1CVE-2023-2008 – Linux Kernel udmabuf Improper Validation of Array Index Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2008
13 Apr 2023 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. ... This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://github.com/bluefrostsecurity/CVE-2023-2008 • CWE-129: Improper Validation of Array Index •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2006 – Linux Kernel RxRPC Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2006
13 Apr 2023 — This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=2189112 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 2CVE-2023-26918 – File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control
https://notcve.org/view.php?id=CVE-2023-26918
13 Apr 2023 — Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. ... File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate privileges. • https://www.exploit-db.com/exploits/51375 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-29539 – Microsoft Windows UMPDDrvEnablePDEV Improper Input Validation Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-29539
12 Apr 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784348 • CWE-159: Improper Handling of Invalid Use of Special Elements CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1872 – Use-after-free in Linux kernel's io_uring subsystem
https://notcve.org/view.php?id=CVE-2023-1872
12 Apr 2023 — A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html • CWE-416: Use After Free •