| 425 | Multiple vulnerabilities in Nokia BTS Airscale ASIKA |
Base transceiver station
Path traversal
Hardcoded private key
Local Privilege Escalation
Security misconfiguration |
Nokia |
Geoffrey Bertoli (@YofBalibump) |
Bug Bounty | 2023-02-21 | 2023-06-13 |
| 422 | Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS |
Local Privilege Escalation |
Apple (macOS) |
Austin Emmitt (@alkalinesec) |
Bug Bounty | 2023-02-21 | 2023-06-13 |
| 396 | From CVE-2022-33679 to Unauthenticated Kerberoasting |
Kerberos
MiTM
Local Privilege Escalation
Downgrade attack |
Microsoft (Windows) |
Trampas Howe (@trampashowe) |
Bug Bounty | 2023-02-25 | 2023-06-13 |
| 394 | Give me a browser, I’ll give you a Shell |
Local Privilege Escalation
Kiosk hacking |
NA |
Rend |
Bug Bounty | 2023-02-25 | 2023-06-13 |
| 356 | Bypass TCC via iCloud |
TCC bypass
Local Privilege Escalation |
Apple (macOS) |
Wojciech Reguła (@_r3ggi) |
Bug Bounty | 2023-03-04 | 2023-06-13 |
| 326 | Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation) |
Local Privilege Escalation
IoT |
NA |
Sean Pesce (@SeanPesce) |
Bug Bounty | 2023-03-09 | 2023-06-13 |
| 309 | Veeam Backup and Replication CVE-2023-27532 Deep Dive |
Local Privilege Escalation |
Veeam |
James Horseman (@JamesHorseman2) |
Bug Bounty | 2023-03-13 | 2023-06-13 |
| 306 | Your Browser is Not a Safe Space |
Local Privilege Escalation
Lateral movement |
NA |
Corey Ham |
Bug Bounty | 2023-03-14 | 2023-06-13 |
| 276 | Windows Installer EOP (CVE-2023-21800) |
Local Privilege Escalation |
Microsoft (Windows) |
Adrian Denkiewicz |
Bug Bounty | 2023-03-21 | 2023-06-13 |
| 261 | Dynamic Linking Injection and LOLBAS Fun |
DLL Hijacking
Dynamic-linking injection
Local Privilege Escalation |
NA |
Joseph Henry |
Bug Bounty | 2023-03-28 | 2023-06-13 |
| 233 | CyberGhostVPN - the story of finding MITM, RCE, LPE in the Linux client |
RCE
MiTM
Local Privilege Escalation |
CyberGhost |
mmmds |
Bug Bounty | 2023-04-03 | 2023-06-13 |
| 228 | Windows Task Scheduler Application, Version 19044.1706 Advisory |
Unquoted search path
Local Privilege Escalation |
Microsoft (Windows) |
Ben Lincoln (@0x00C651E0) |
Bug Bounty | 2023-04-04 | 2023-06-13 |
| 227 | Microsoft Intune, Version 1.55.48.0 Advisory |
Unquoted search path
Local Privilege Escalation |
Microsoft (Intune) |
Ben Lincoln (@0x00C651E0) |
Bug Bounty | 2023-04-04 | 2023-06-13 |
| 224 | Bash Privileged-mode Vulnerabilities In Parallels Desktop And CDPATH Handling In MacOS |
MacoS
Local Privilege Escalation |
Parallels |
Reno Robert (@renorobertr) |
Bug Bounty | 2023-04-06 | 2023-06-13 |
| 202 | CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd |
Local Privilege Escalation |
shadow-utils |
Tom Neaves |
Bug Bounty | 2023-04-12 | 2023-06-13 |
| 180 | Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2 |
Local Privilege Escalation
TOCTOU
Arbitrary file write |
Docker |
Eviatar Gerzi |
Bug Bounty | 2023-04-19 | 2023-06-13 |
| 173 | The Fuzzing Guide to the Galaxy: An Attempt with Android System Services |
Android
Fuzzing
Heap overflow
Integer overflow
Out-of-bounds Write
Memory corruption
Local Privilege Escalation |
Samsung |
Anthony Remy |
Bug Bounty | 2023-04-20 | 2023-06-13 |
| 169 | CVE-2023-23525: Get Root via A Fake Installer |
Local Privilege Escalation |
Apple (macOS) |
Mickey Jin (@patch1t) |
Bug Bounty | 2023-04-20 | 2023-06-13 |
| 150 | Avast Anti-Virus privileged arbitrary file create on virus quarantine (CVE-2023-1585 and CVE-2023-1587) |
TOCTOU
NULL pointer dereference
Arbitrary file write
Local Privilege Escalation |
Avast |
Denis Skvortcov (@Denis_Skvortcov) |
Bug Bounty | 2023-04-26 | 2023-06-13 |
| 146 | Privilege Escalation in Microsoft Windows |
Local Privilege Escalation |
Microsoft (Windows) |
Tobias Neitzel (@qtc_de) |
Bug Bounty | 2023-04-28 | 2023-06-13 |
| 126 | CVE-2023-25394 - VideoStream Local Privilege Escalation |
Local Privilege Escalation |
Videostream |
Dan Revah (@danrevah) |
Bug Bounty | 2023-05-03 | 2023-06-13 |
| 120 | Bullied by Bugcrowd over Kape CyberGhost disclosure |
Local Privilege Escalation
OS command injection
Security code review |
Kape (CyberGhost) |
Ceri Coburn (@_ethicalchaos_) |
Bug Bounty | 2023-05-05 | 2023-06-13 |
| 111 | Escaping Parallels Desktop with Plist Injection |
Local Privilege Escalation
Plist injection
TOCTOU |
Parallels |
kn32 |
Bug Bounty | 2023-05-08 | 2023-06-13 |
| 95 | CVE-2023-26818 - Bypass TCC with Telegram in macOS |
TCC bypass
Local Privilege Escalation |
Apple (macOS) |
Dan Revah (@danrevah) |
Bug Bounty | 2023-05-15 | 2023-06-13 |
| 92 | Finding and reporting a Gatekeeper bypass exploit with help from Mac Monitor |
GateKeeper bypass
Local Privilege Escalation
MacOS |
Apple (macOS) |
Brandon Dalton (@PartyD0lphin) |
Bug Bounty | 2023-05-15 | 2023-06-13 |
