CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46348
https://notcve.org/view.php?id=CVE-2023-46348
SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods. • https://security.friendsofpresta.org/modules/2023/12/07/sturls.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45170 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2023-45170
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. ... IBM AIX 7.2, 7.3 y VIOS 3.1 podrían permitir que un usuario local sin privilegios aproveche una vulnerabilidad en el comando piobe para escalar privilegios o provocar una denegación de servicio. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267968 https://www.ibm.com/support/pages/node/7095022 •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45174 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2023-45174
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. ... IBM AIX 7.2, 7.3 y VIOS 3.1 podrían permitir que un usuario local privilegiado aproveche una vulnerabilidad en el comando qdaemon para escalar privilegios o provocar una denegación de servicio. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267972 https://www.ibm.com/support/pages/node/7095022 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-49147 – PDF24 Creator 11.15.1 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-49147
This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe. ... Esto permite a un atacante local sin privilegios utilizar una cadena de acciones (por ejemplo, un bloqueo de operación en faxPrnInst.log) para abrir un cmd.exe de SYSTEM. PDF24 Creator versions 11.15.1 and below suffer from a local privilege escalation vulnerability via the MSI installer. • http://packetstormsecurity.com/files/176206/PDF24-Creator-11.15.1-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2023/Dec/18 https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-pdf24-creator-geek-software-gmbh •
CVSS: 7.6EPSS: 0%CPEs: 17EXPL: 0CVE-2023-6478 – Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
https://notcve.org/view.php?id=CVE-2023-6478
This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. • http://www.openwall.com/lists/oss-security/2023/12/13/1 https://access.redhat.com/errata/RHSA-2023:7886 https://access.redhat.com/errata/RHSA-2024:0006 https://access.redhat.com/errata/RHSA-2024:0009 https://access.redhat.com/errata/RHSA-2024:0010 https://access.redhat.com/errata/RHSA-2024:0014 https://access.redhat.com/errata/RHSA-2024:0015 https://access.redhat.com/errata/RHSA-2024:0016 https://access.redhat.com/errata/RHSA-2024:0017 https://access.redhat.com& • CWE-190: Integer Overflow or Wraparound •