CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43554 – Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-43554
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability Vulnerabilidad de escalada de privilegios locales de autenticación faltante de Ivanti Avalanche Smart Device Service This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43555 – Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-43555
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability Vulnerabilidad de escalada de privilegios locales sin autenticación de Ivanti Avalanche Printer Device Service This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3893 – Kubernetes - csi-proxy - Insufficient input sanitization leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-3893
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. • https://github.com/kubernetes/kubernetes/issues/119594 https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ https://security.netapp.com/advisory/ntap-20231221-0004 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2023-46980
https://notcve.org/view.php?id=CVE-2023-46980
An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. • https://github.com/sajaljat/CVE-2023-46980 https://github.com/sajaljat/CVE-2023-46980/tree/main https://youtu.be/3Mz2lSElg7Y • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31027
https://notcve.org/view.php?id=CVE-2023-31027
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-427: Uncontrolled Search Path Element •