CVE-2023-27325 – Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27325
07 Mar 2023 — Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. • https://kb.parallels.com/125013 • CWE-665: Improper Initialization •
CVE-2023-27326 – Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27326
07 Mar 2023 — Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. • https://github.com/Malwareman007/CVE-2023-27326 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-27327 – Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27327
07 Mar 2023 — Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. • https://github.com/kn32/parallels-plist-escape • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-27328 – Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27328
07 Mar 2023 — Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://kb.parallels.com/125013 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVE-2023-26600 – ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-26600
06 Mar 2023 — This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://manageengine.com •
CVE-2022-45988
https://notcve.org/view.php?id=CVE-2022-45988
03 Mar 2023 — starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload. • https://github.com/happy0717/CVE-2022-45988 • CWE-269: Improper Privilege Management •
CVE-2022-45551
https://notcve.org/view.php?id=CVE-2022-45551
03 Mar 2023 — An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. • http://shenzhen.com • CWE-306: Missing Authentication for Critical Function •
CVE-2023-26604 – systemd: privilege escalation via the less pager
https://notcve.org/view.php?id=CVE-2023-26604
03 Mar 2023 — systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. ... The systemd package does not adequately block local privilege escalation for some Sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. • https://github.com/Zenmovie/CVE-2023-26604 •
CVE-2023-0461 – Use-after-free vulnerability in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0461
28 Feb 2023 — There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. • https://github.com/hshivhare67/kernel_v4.19.72_CVE-2023-0461 • CWE-416: Use After Free •
CVE-2023-25145 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25145
24 Feb 2023 — A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000292209 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •