CVE-2023-20633
https://notcve.org/view.php?id=CVE-2023-20633
07 Mar 2023 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2023 • CWE-129: Improper Validation of Array Index •
CVE-2023-27327 – Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27327
07 Mar 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary ... • https://github.com/kn32/parallels-plist-escape • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-20632
https://notcve.org/view.php?id=CVE-2023-20632
07 Mar 2023 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2023 • CWE-787: Out-of-bounds Write •
CVE-2023-27323 – Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27323
07 Mar 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... • https://kb.parallels.com/125013 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-27326 – Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27326
07 Mar 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... • https://github.com/Malwareman007/CVE-2023-27326 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-27325 – Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27325
07 Mar 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... • https://kb.parallels.com/125013 • CWE-665: Improper Initialization •
CVE-2023-26600 – ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-26600
06 Mar 2023 — ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://manageengine.com •
CVE-2022-45988
https://notcve.org/view.php?id=CVE-2022-45988
03 Mar 2023 — starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload. • https://github.com/happy0717/CVE-2022-45988 • CWE-269: Improper Privilege Management •
CVE-2023-27561 – runc: volume mount race condition (regression of CVE-2019-19921)
https://notcve.org/view.php?id=CVE-2023-27561
03 Mar 2023 — runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. ... It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. • https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9 • CWE-41: Improper Resolution of Path Equivalence • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVE-2023-26604 – systemd: privilege escalation via the less pager
https://notcve.org/view.php?id=CVE-2023-26604
03 Mar 2023 — systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. ... The systemd package does not adequately block local privilege escalation for some Sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. ... Issues addressed include bypass and privilege escalation vuln... • http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html •