CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-34043
https://notcve.org/view.php?id=CVE-2023-34043
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. • https://www.vmware.com/security/advisories/VMSA-2023-0020.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-42753 – Kernel: netfilter: potential slab-out-of-bound access due to integer underflow
https://notcve.org/view.php?id=CVE-2023-42753
This issue may allow a local user to crash the system or potentially escalate their privileges on the system. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7382 https://access.redhat.com/errata/RHSA-2023:7389 https://access.redhat.com/errata/RHSA-2023:7411 https://access.redhat.com/errata/RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7539 https://access.redhat.com/errata/RHSA-2023:7558 h • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0633 – In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE
https://notcve.org/view.php?id=CVE-2023-0633
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0. En Docker Desktop en Windows anterior a 4.12.0, una inyección de argumento en el instalador puede provocar una escalada de privilegios local (LPE). Este problema afecta a Docker Desktop: anterior a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0627 – Docker Desktop 4.11.x allows --no-windows-containers flag bypass
https://notcve.org/view.php?id=CVE-2023-0627
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. Docker Desktop 4.11.x permite omitir el indicador --no-windows-containers a través de la suplantación de respuesta de IPC, lo que puede provocar una escalada de privilegios locales (LPE). Este problema afecta a Docker Desktop: 4.11.X. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-501: Trust Boundary Violation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41419 – python-gevent: privilege escalation via a crafted script to the WSGIServer component
https://notcve.org/view.php?id=CVE-2023-41419
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. ... A flaw was found in python-event, which could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the WSGIServer component. By using a specially crafted script, an attacker can gain elevated privileges. • https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c https://github.com/gevent/gevent/issues/1989 https://access.redhat.com/security/cve/CVE-2023-41419 https://bugzilla.redhat.com/show_bug.cgi?id=2240651 • CWE-269: Improper Privilege Management •