CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50226 – Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50226
Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. • https://kb.parallels.com/en/125013 https://www.zerodayinitiative.com/advisories/ZDI-23-1805 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49706
https://notcve.org/view.php?id=CVE-2023-49706
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. • https://linotp.org/CVE-2023-49706.txt https://linotp.org/security-update-linotp3-selfservice.html https://www.linotp.org/news.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49489
https://notcve.org/view.php?id=CVE-2023-49489
Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. • https://github.com/kalcaddle/KodExplorer/issues/526 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50228 – Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50228
Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. • https://kb.parallels.com/en/125013 https://www.zerodayinitiative.com/advisories/ZDI-23-1803 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6817 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-6817
This issue may allow a local user with CAP_NET_ADMIN capability to trigger an application crash, information disclosure, or local privilege escalation. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html http://www.openwall.com/lists/oss-security/2023/12/22/13 http://www.openwall.com/lists/oss-security/2023/12/22/6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://access.redhat.com/security/cve/CVE-2023 • CWE-416: Use After Free •