CVE-2023-27324 – Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27324
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. • https://kb.parallels.com/125013 https://www.zerodayinitiative.com/advisories/ZDI-23-218 • CWE-665: Improper Initialization •
CVE-2023-27323 – Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27323
Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. • https://kb.parallels.com/125013 https://www.zerodayinitiative.com/advisories/ZDI-23-217 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-26600 – ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-26600
This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://manageengine.com https://www.manageengine.com/products/service-desk/CVE-2023-26600.html •
CVE-2022-45988
https://notcve.org/view.php?id=CVE-2022-45988
starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload. • https://github.com/happy0717/CVE-2022-45988 https://github.com/happy0717/StarSoftComm_HP_CooCare_An_elevation_of_privilege_vulnerability_exists/edit/main/README.md • CWE-269: Improper Privilege Management •
CVE-2023-26604 – systemd: privilege escalation via the less pager
https://notcve.org/view.php?id=CVE-2023-26604
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. ... The systemd package does not adequately block local privilege escalation for some Sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. • https://github.com/Zenmovie/CVE-2023-26604 http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340 https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7 https://security.netapp.com/advisory/ntap-20230505-0009 https:& •