CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44218
https://notcve.org/view.php?id=CVE-2023-44218
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. Una falla dentro de la función SonicWall NetExtender Pre-Logon permite que un usuario no autorizado obtenga acceso al sistema operativo Windows host con privilegios de nivel 'SYSTEM', lo que genera una vulnerabilidad de escalada de privilegios local (LPE). • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44217
https://notcve.org/view.php?id=CVE-2023-44217
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. • https://github.com/advisories/GHSA-jw5c-8746-98g5 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0013 • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43976
https://notcve.org/view.php?id=CVE-2023-43976
An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component. • https://www.catonetworks.com https://www.ns-echo.com/posts/cve_2023_43976.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4956 – Caphyon Advanced Installer WinSxS DLL uncontrolled search path
https://notcve.org/view.php?id=CVE-2022-4956
A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability https://vuldb.com/? • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39194 – Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()
https://notcve.org/view.php?id=CVE-2023-39194
An attacker can leverage this in conjunction with other vulnerabilties to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39194 https://bugzilla.redhat.com/show_bug.cgi?id=2226788 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111 • CWE-125: Out-of-bounds Read •