CVE-2023-47145 – IBM Db2 for Windows privilege escalation
https://notcve.org/view.php?id=CVE-2023-47145
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270402 https://security.netapp.com/advisory/ntap-20240307-0003 https://www.ibm.com/support/pages/node/7105500 •
CVE-2023-50612
https://notcve.org/view.php?id=CVE-2023-50612
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. • https://github.com/yaowenxiao721/CloudExplorer-Lite-v1.4.1-vulnerability-BOPLA • CWE-276: Incorrect Default Permissions •
CVE-2023-50027
https://notcve.org/view.php?id=CVE-2023-50027
SQL Injection vulnerability in the Buy Addons baproductzoommagnifier module for PrestaShop, versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via the BaproductzoommagnifierZoomModuleFrontController::run() method. • https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-46741 – CubeFS leaks magic secret key when starting Blobstore access service
https://notcve.org/view.php?id=CVE-2023-46741
A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs, which could allow them to escalate privileges. ... The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. • https://github.com/cubefs/cubefs/commit/972f0275ee8d5dbba4b1530da7c145c269b31ef5 https://github.com/cubefs/cubefs/security/advisories/GHSA-8h2x-gr2c-c275 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-41783 – Command Injection Vulnerability of ZTE's ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41783
Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-94: Improper Control of Generation of Code ('Code Injection') •