| 663 | Passwordless Persistence and Privilege Escalation in Azure |
Privilege escalation
Cloud
Azure AD |
Microsoft |
Andy Robbins (@_wald0) |
Bug Bounty | 2022-12-21 | 2023-06-13 |
| 659 | ACSESSED: Cross-tenant network bypass in Azure Cognitive Search |
Cloud
Cross-tenant vulnerability
Privilege escalation |
Microsoft (Azure) |
Emilien Socchi (@emiliensocchi) |
Bug Bounty | 2022-12-22 | 2023-06-13 |
| 607 | Lexmark MC3224adwe RCE exploit |
RCE
SSRF
Printer hacking
Unrestricted file upload
Local Privilege Escalation |
Lexmark |
blasty (@bl4sty) |
Bug Bounty | 2023-01-09 | 2023-06-13 |
| 600 | SSD Advisory – MacOS Mozilla Firefox Download Protections Were Bypassed By .atloc / .ftploc Files |
Local Privilege Escalation |
Mozilla (Firefox) |
Dohyun Lee |
Bug Bounty | 2023-01-11 | 2023-06-13 |
| 599 | Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen |
Local Privilege Escalation
Browser hacking
Symbolic link following |
Google (Chrome & Chromium) |
Ron Masas (@RonMasas) |
Bug Bounty | 2023-01-11 | 2023-06-13 |
| 597 | DER Entitlements: The (Brief) Return of the Psychic Paper |
iOS
MacOS
Local Privilege Escalation |
Apple |
Ivan Fratric (@ifsecure) |
Bug Bounty | 2023-01-12 | 2023-06-13 |
| 595 | Bad things come in large packages: .pkg signature verification bypass on macOS |
Local Privilege Escalation
GateKeeper bypass
SIP bypass
MacOS |
Apple |
Sector 7 (@sector7_nl) |
Bug Bounty | 2023-01-13 | 2023-06-13 |
| 575 | Sudoedit bypass in Sudo <= 1.9.12p1 (CVE-2023-22809) |
Local Privilege Escalation |
Sudo |
Matthieu Barjole (@aevy__) |
Bug Bounty | 2023-01-18 | 2023-06-13 |
| 572 | Nothing new under the Sun – Discovering and exploiting a CDE bug chain |
Printer hacking
Local Privilege Escalation
Memory corruption
Buffer Overflow |
Oracle |
Marco Ivaldi / Raptor (@0xdea) |
Bug Bounty | 2023-01-18 | 2023-06-13 |
| 570 | API Misconfiguration - No Swag of SwaggerUI |
Security misconfiguration
Privilege escalation |
NA |
Jerry Shah (@Jerry) |
Bug Bounty | 2023-01-19 | 2023-06-13 |
| 554 | CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage |
Thick client
Insecure data storage
Local Privilege Escalation |
Signal |
John Jackson (@johnjhacking) |
Bug Bounty | 2023-01-22 | 2023-06-13 |
| 552 | Activation Context Cache Poisoning: Exploiting CSRSS For Privilege Escalation |
Local Privilege Escalation
Windows |
Microsoft |
Simon Zuckerbraun |
Bug Bounty | 2023-01-23 | 2023-06-13 |
| 507 | WEEKEND DESTROYER - RCE in Western Digital PR4100 NAS |
RCE
Hardcoded credentials
Privilege escalation |
Western Digital |
Pedro Ribeiro (@pedrib1337) |
Bug Bounty | 2023-02-02 | 2023-06-13 |
| 506 | Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1 |
Local Privilege Escalation
Windows
Thick client |
Docker |
Eviatar Gerzi |
Bug Bounty | 2023-02-02 | 2023-06-13 |
| 504 | Host Header Injection to Complete Organization takeover |
SSRF
Host header injection
Privilege escalation |
NA |
Muhammad Umer Adeem |
Bug Bounty | 2023-02-02 | 2023-06-13 |
| 502 | WEEKEND DESTROYER - RCE in Western Digital PR4100 NAS |
RCE
Hardcoded credentials
Privilege escalation
Cryptographic issues
Security code review |
Western Digital |
Pedro Ribeiro (@pedrib1337) |
Bug Bounty | 2023-02-02 | 2023-06-13 |
| 501 | Azure security — Internal recon leveraging lack of access control |
Azure AD
Cloud
Security misconfiguration
Privilege escalation |
Microsoft (Azure) |
Molx32 |
Bug Bounty | 2023-02-02 | 2023-06-13 |
| 487 | Post-Exploitation: Abusing the KeePass Plugin Cache |
Local Privilege escalation
Windows |
KeePass |
Kevin Minacori |
Bug Bounty | 2023-02-07 | 2023-06-13 |
| 472 | Elevation of privileges from Everyone through Avast Sandbox to System AmPPL (CVE-2021-45335, CVE-2021-45336 and CVE-2021-45337) |
Local Privilege Escalation |
Avast |
Denis Skvortcov (@Denis_Skvortcov) |
Bug Bounty | 2023-02-09 | 2023-06-13 |
| 470 | LocalPotato - When Swapping The Context Leads You To SYSTEM |
Windows
NTLM
Local Privilege Escalation |
Microsoft |
Andrea Pierini (@decoder_it) |
Bug Bounty | 2023-02-10 | 2023-06-13 |
| 457 | Bypassing SameSite=lax cookie restrictions to preform CSRF resulting to a horizontal privilege escalation via poor email verification mechanism |
CSRF |
NA |
Imad Husanovic (@deadoverflow_) |
Bug Bounty | 2023-02-13 | 2023-06-13 |
| 453 | LPE via StorSvc |
Local Privilege Escalation
DLL Hijacking |
Microsoft (Windows) |
Antón Ortigueira (@antuache) |
Bug Bounty | 2023-02-13 | 2023-06-13 |
| 440 | EoP via Arbitrary File Write/Overwite in Group Policy Client “gpsvc” – CVE-2022-37955 |
Local Privilege Escalation |
Microsoft (Windows) |
ap (@decoder_it) |
Bug Bounty | 2023-02-16 | 2023-06-13 |
| 436 | Readline crime: exploiting a SUID logic bug |
Local Privilege Escalation |
Arch Linux
util-linux |
roddux |
Bug Bounty | 2023-02-16 | 2023-06-13 |
| 433 | Disabling ClamAV as an Unprivileged User |
Local Privilege Escalation |
ClamAV |
Arch Cloud Labs (@DLL_Cool_J) |
Bug Bounty | 2023-02-19 | 2023-06-13 |
