CVE-2021-26837
https://notcve.org/view.php?id=CVE-2021-26837
18 Sep 2023 — SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. • https://community.helpsystems.com/knowledge-base/rjs/delivernow/overview • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-42359
https://notcve.org/view.php?id=CVE-2023-42359
18 Sep 2023 — SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. • https://upbeat-washer-def.notion.site/Exam-Form-Submission-In-PHP-SQL-Injection-in-index-php-bd71962db712459488019d531ab2f6f2?pvs=4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-39612
https://notcve.org/view.php?id=CVE-2023-39612
16 Sep 2023 — A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL. • https://febin0x4e4a.wordpress.com/2023/09/15/xss-in-filebrowser-leads-to-admin-account-takeover-in-filebrowser • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32461
https://notcve.org/view.php?id=CVE-2023-32461
15 Sep 2023 — A local malicious user with high privileges could potentially exploit this vulnerability, leading to memory corruption and potentially escalating privileges. • https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability • CWE-122: Heap-based Buffer Overflow •
CVE-2023-38557
https://notcve.org/view.php?id=CVE-2023-38557
14 Sep 2023 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-357182.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-38891
https://notcve.org/view.php?id=CVE-2023-38891
14 Sep 2023 — SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. • https://github.com/jselliott/CVE-2023-38891 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-3255 – Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
https://notcve.org/view.php?id=CVE-2023-3255
13 Sep 2023 — A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/errata/RHSA-2024:2135 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2023-3301 – Triggerable assertion due to race condition in hot-unplug
https://notcve.org/view.php?id=CVE-2023-3301
13 Sep 2023 — A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/security/cve/CVE-2023-3301 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-617: Reachable Assertion •
CVE-2023-4921 – Use-after-free in Linux kernel's net/sched: sch_qfq component
https://notcve.org/view.php?id=CVE-2023-4921
12 Sep 2023 — A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. ... This issue may allow a local user to crash the system or escalate their privileges on the system. ... A local attacker could possibly use this to cause a denial of se... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8 • CWE-416: Use After Free •
CVE-2023-36802 – Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-36802
12 Sep 2023 — Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability. Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. • https://github.com/x0rb3l/CVE-2023-36802-MSKSSRV-LPE • CWE-416: Use After Free •