CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-44209
https://notcve.org/view.php?id=CVE-2023-44209
Local privilege escalation due to improper soft link handling. • https://security-advisory.acronis.com/advisories/SEC-2119 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42824 – Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42824
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. • https://support.apple.com/en-us/HT213972 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2809 – Use of Cleartext credentials in Sage 200 Spain
https://notcve.org/view.php?id=CVE-2023-2809
This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. • https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-44410 – D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-44410
This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.zerodayinitiative.com/advisories/ZDI-23-1508 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 3%CPEs: 18EXPL: 18CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que un atacante local utilice variables de entorno GLIBC_TUNABLES manipuladas con fines malintencionados al iniciar archivos binarios con permiso SUID para ejecutar código con privilegios elevados. Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. • id=2238352 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR https://security.gentoo.org/glsa/202310-03 https://security.netapp.com/advisory/ntap-20231013-0006 https://www.debian.org/security/2023/dsa-5514 https:// • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •