
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Apr 2023 — Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. • http://etcd.com • CWE-287: Improper Authentication •

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Mar 2023 — Generex UPS CS141 versions below 2.06 could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing the attacker to escalate privileges. • https://www.generex.de/support/changelogs/cs141/2-12 • CWE-20: Improper Input Validation • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 Mar 2023 — SQL injection vulnerability found in PrestaShop faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. • https://addons.prestashop.com/en/faq-frequently-asked-questions/16036-frequently-asked-questions-faq-page.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

30 Mar 2023 — A Use-After-Free may lead to local privilege escalation. ... The Overlay Window use-after-free issue can lead to a local privilege escalation vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2023 — Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. • https://forums.malwarebytes.com/topic/307429-release-adwcleaner-841 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

29 Mar 2023 — MindManager suffers from a local privilege escalation vulnerability via MSI installer Repair Mode. • https://github.com/pawlokk/mindmanager-poc •

CVSS: 7.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2023 — RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution. • https://robodk.com/contact • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2023 — An attacker who successfully exploits this vulnerability can escalate privileges. ... An attacker who successfully exploits this vulnerability can escalate privileges. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-285: Improper Authorization •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2023 — A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2023 — N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-01 • CWE-502: Deserialization of Untrusted Data •