CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-47172
https://notcve.org/view.php?id=CVE-2023-47172
Certain WithSecure products allow Local Privilege Escalation. • https://www.withsecure.com/en/support/security-advisories/cve-2023-47172 •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-44449 – NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-44449
NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://kb.netgear.com/000065866/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2023-0114-PSV-2023-0115 https://www.zerodayinitiative.com/advisories/ZDI-23-1717 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44796
https://notcve.org/view.php?id=CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. • https://github.com/Hebing123/CVE-2023-44796/issues/1 https://github.com/Hebing123/cve/issues/4 https://github.com/LimeSurvey/LimeSurvey/pull/3483 https://github.com/limesurvey/limesurvey/commit/135511073c51c332613dd7fad9a8ca0aad34a3fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45794
https://notcve.org/view.php?id=CVE-2023-45794
A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. • https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6006 – Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-6006
This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de PaperCut NG. ... This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. ... This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.papercut.com/kb/Main/CommonSecurityQuestions https://www.papercut.com/kb/Main/Security-Bulletin-November-2023 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •