CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1900 – Avira Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1900
This could corrupt the data on the heap and lead to a denial-of-service situation. Issue was fixed with Endpointprotection.exe version 1.0.2303.633 This vulnerability allows local attackers to escalate privileges on affected installations of Avira Free Antivirus. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28122
https://notcve.org/view.php?id=CVE-2023-28122
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33975
https://notcve.org/view.php?id=CVE-2021-33975
Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges. • https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html https://pastebin.com/ivNL7s0n https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25554
https://notcve.org/view.php?id=CVE-2023-25554
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21990 – Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-21990
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuapr2023.html • CWE-269: Improper Privilege Management •