CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4956 – Caphyon Advanced Installer WinSxS DLL uncontrolled search path
https://notcve.org/view.php?id=CVE-2022-4956
A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability https://vuldb.com/? • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39194 – Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()
https://notcve.org/view.php?id=CVE-2023-39194
This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. ... Esta falla permite que un atacante local con privilegios (CAP_NET_ADMIN) active una lectura fuera de límites, lo que podría conducir a una divulgación de información. This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. ... An attacker can leverage this in conjunction with other vulnerabilties to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39194 https://bugzilla.redhat.com/show_bug.cgi?id=2226788 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42126 – G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42126
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1493 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39191 – Kernel: ebpf: insufficient stack type checks in dynptr
https://notcve.org/view.php?id=CVE-2023-39191
This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. ... This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2024:0381 https://access.redhat.com/errata/RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0448 https://access.redhat.com/security/cve/CVE-2023-39191 https://bugzilla.redhat.com/show_bug.cgi?id=2226783 https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40375 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40375
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. ... El servidor de aplicaciones integrado para IBM i 7.2, 7.3, 7.4 y 7.5 contiene una vulnerabilidad de escalada de privilegios local. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/263580 https://www.ibm.com/support/pages/node/7038748 • CWE-269: Improper Privilege Management •