CVE-2023-6931 – Out-of-bounds write in Linux kernel's Performance Events system component
https://notcve.org/view.php?id=CVE-2023-6931
19 Dec 2023 — A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. ... This may lead to a system crash, code execution, or local privilege escalation. ... A local at... • https://github.com/K0n9-log/CVE-2023-6931 • CWE-787: Out-of-bounds Write •
CVE-2023-50226 – Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50226
19 Dec 2023 — Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. This vulnerability all... • https://github.com/kn32/parallels-file-move-privesc • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-49489
https://notcve.org/view.php?id=CVE-2023-49489
19 Dec 2023 — Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. • https://github.com/kalcaddle/KodExplorer/issues/526 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-50228 – Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50228
19 Dec 2023 — Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. This vulnerability allows local attackers to escalate privileges on... • https://kb.parallels.com/en/125013 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2023-49706
https://notcve.org/view.php?id=CVE-2023-49706
19 Dec 2023 — Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. • https://linotp.org/CVE-2023-49706.txt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-6817 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-6817
18 Dec 2023 — A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. ... This issue may allow a local user with CAP_NET_ADMIN capability to trigger an application crash, information disclosure, or local privilege escalation
CVE-2023-51384 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2023-51384
18 Dec 2023 — An attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS. • http://seclists.org/fulldisclosure/2024/Mar/21 •
CVE-2023-46348
https://notcve.org/view.php?id=CVE-2023-46348
14 Dec 2023 — SQL injection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods. • https://security.friendsofpresta.org/modules/2023/12/07/sturls.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-48925
https://notcve.org/view.php?id=CVE-2023-48925
14 Dec 2023 — SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run(). • https://security.friendsofpresta.org/modules/2023/12/07/bavideotab.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-45170 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2023-45170
13 Dec 2023 — IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267968 •