CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-6546 – Kernel: gsm multiplexing race condition leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-6546
This could allow a local unprivileged user to escalate their privileges on the system. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • http://www.openwall.com/lists/oss-security/2024/04/10/18 http://www.openwall.com/lists/oss-security/2024/04/10/21 http://www.openwall.com/lists/oss-security/2024/04/11/7 http://www.openwall.com/lists/oss-security/2024/04/11/9 http://www.openwall.com/lists/oss-security/2024/04/12/1 http://www.openwall.com/lists/oss-security/2024/04/12/2 http://www.openwall.com/lists/oss-security/2024/04/16/2 http://www.openwall.com/lists/oss-security/20 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50477
https://notcve.org/view.php?id=CVE-2023-50477
An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js. • https://github.com/nos/client/issues/1485 https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50477.md •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51515 – WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-51515
This makes it possible for subscribers to escalate their privileges to those of a higher level account. • https://patchstack.com/database/vulnerability/uncode-core/wordpress-uncode-core-plugin-2-8-8-privilege-escalation-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2023-50231 – NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50231
This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106 https://www.zerodayinitiative.com/advisories/ZDI-23-1847 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-51588 – Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51588
Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1893 • CWE-798: Use of Hard-coded Credentials •