CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37849
https://notcve.org/view.php?id=CVE-2023-37849
A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. Una vulnerabilidad de secuestro de DLL en Panda Security VPN para Windows anterior a la versión v15.14.8 permite a los atacantes ejecutar código arbitrario mediante la colocación de un archivo DLL manipulado en el mismo directorio que "PANDAVPN.exe". • https://heegong.github.io/posts/Local-privilege-escalation-in-Panda-Dome-VPN-for-Windows-Installer https://www.pandasecurity.com/en/homeusers/vpn https://www.pandasecurity.com/en/support/card? • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38100 – NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-38100
This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025 https://www.zerodayinitiative.com/advisories/ZDI-23-916 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32050 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-32050
Windows Installer Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32050 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42082 – Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355
https://notcve.org/view.php?id=CVE-2021-42082
Local users are able to execute scripts under root privileges. • https://csirt.divd.nl/CVE-2021-42082 https://www.divd.nl/DIVD-2021-00020 https://www.osnexus.com/products/software-defined-storage https://www.wbsec.nl/osnexus https://csirt.divd.nl/DIVD-2021-00020 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30765 – ​Delta Electronics InfraSuite Device Master Improper Access Control
https://notcve.org/view.php?id=CVE-2023-30765
This vulnerability allows remote attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/0xfml/CVE-2023-30765 https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01 • CWE-284: Improper Access Control •