CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42824 – Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42824
A local attacker may be able to elevate their privileges. ... Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. • https://support.apple.com/en-us/HT213972 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2809 – Use of Cleartext credentials in Sage 200 Spain
https://notcve.org/view.php?id=CVE-2023-2809
This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. • https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-44410 – D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-44410
This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.zerodayinitiative.com/advisories/ZDI-23-1508 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 17%CPEs: 18EXPL: 18CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4911
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. ... GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges. • id=2238352 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR https://security.gentoo.org/glsa/202310-03 https://security.netapp.com/advisory/ntap-20231013-0006 https://www.debian.org/security/2023/dsa-5514 https:// • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44218
https://notcve.org/view.php?id=CVE-2023-44218
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. Una falla dentro de la función SonicWall NetExtender Pre-Logon permite que un usuario no autorizado obtenga acceso al sistema operativo Windows host con privilegios de nivel 'SYSTEM', lo que genera una vulnerabilidad de escalada de privilegios local (LPE). • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014 • CWE-267: Privilege Defined With Unsafe Actions •