CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51577 – Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51577
Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1883 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2023-50231 – NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50231
NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106 https://www.zerodayinitiative.com/advisories/ZDI-23-1847 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6932 – Use-after-free in Linux kernel's ipv4: igmp component
https://notcve.org/view.php?id=CVE-2023-6932
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. Una vulnerabilidad de use after free en el componente ipv4: igmp del kernel de Linux se puede explotar para lograr una escalada de privilegios local. ... This vulnerability may enable an attacker to provoke an application crash or potentially escalate privileges locally. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1 https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://access.redhat.com/security/cve/CVE-2023-6932 https://bugzilla.redhat.com/show_bug.cgi?id=2255283 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6931 – Out-of-bounds write in Linux kernel's Performance Events system component
https://notcve.org/view.php?id=CVE-2023-6931
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. Se puede aprovechar una vulnerabilidad de escritura fuera de los límites en la pila en el componente del sistema Performance Events del kernel de Linux para lograr una escalada de privilegios local. ... This may lead to a system crash, code execution, or local privilege escalation. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://access.redhat.com/security/cve/CVE-2023-6931 https://bugzilla.redhat.com/show_bug.cgi?id=2252731 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50226 – Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50226
Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. • https://kb.parallels.com/en/125013 https://www.zerodayinitiative.com/advisories/ZDI-23-1805 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •