CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46054
https://notcve.org/view.php?id=CVE-2023-46054
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. • https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46055
https://notcve.org/view.php?id=CVE-2023-46055
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. • https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34045 – VMware Fusion installer local privilege escalation
https://notcve.org/view.php?id=CVE-2023-34045
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. VMware Fusion (13.x anterior a 13.5) contiene una vulnerabilidad de escalada de privilegios local que ocurre durante la instalación por primera vez (el usuario necesita arrastrar o copiar la aplicación a una carpeta desde el volumen '.dmg') o al instalar una actualización. Un actor malicioso con privilegios de usuario local no administrativo puede aprovechar esta vulnerabilidad para escalar privilegios a root en el System donde Fusion está instalado o donde se instala por primera vez. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34046 – VMware Fusion TOCTOU local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-34046
A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. ... Un actor malicioso con privilegios de usuario local no administrativo puede aprovechar esta vulnerabilidad para escalar privilegios a root en el System donde Fusion está instalado o donde se instala por primera vez. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27791
https://notcve.org/view.php?id=CVE-2023-27791
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •