CVE-2023-1829 – Use-after-free in tcindex (traffic control index filter) in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-1829
12 Apr 2023 — A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. ... This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. ... An attacker can leverage this vulnerability to escalate privileges and e... • https://github.com/lanleft/CVE-2023-1829 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2023-27830
https://notcve.org/view.php?id=CVE-2023-27830
12 Apr 2023 — TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. • https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce • CWE-269: Improper Privilege Management •
CVE-2023-26396 – Adobe Acrobat Reader DC for macOS installer (AcroRdrDC_2200220191_MUI.pkg) contains a local privilege escalation vulnerability.
https://notcve.org/view.php?id=CVE-2023-26396
12 Apr 2023 — Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/acrobat/apsb23-24.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVE-2022-43946 – Fortinet FortiClient VPN Improper Access Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43946
11 Apr 2023 — Additionally, a local attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://fortiguard.com/psirt/FG-IR-22-429 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-26067 – Lexmark MC3224i lbtraceapp Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-26067
10 Apr 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/horizon3ai/CVE-2023-26067 • CWE-20: Improper Input Validation •
CVE-2023-0652 – Local Privilege Escalation in Cloudflare WARP Installer (Windows)
https://notcve.org/view.php?id=CVE-2023-0652
06 Apr 2023 — Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. • https://developers.cloudflare.com/warp-client/get-started/windows • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-1412 – Local Privilege Escalation Vulnerability in WARP's MSI Installer
https://notcve.org/view.php?id=CVE-2023-1412
05 Apr 2023 — An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of t... • https://developers.cloudflare.com/warp-client/get-started/windows • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-27347 – G DATA Total Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27347
05 Apr 2023 — G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-379 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-27091
https://notcve.org/view.php?id=CVE-2023-27091
04 Apr 2023 — An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). • https://gitee.com/xiaobingby/TeaCMS/issues/I6GDRU • CWE-287: Improper Authentication •
CVE-2020-19279
https://notcve.org/view.php?id=CVE-2020-19279
04 Apr 2023 — Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links. • https://github.com/advisories/GHSA-g277-4m9p-49hv • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •