CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42125 – Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42125
This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. ... This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1475 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-34043
https://notcve.org/view.php?id=CVE-2023-34043
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. VMware Aria Operations contiene una vulnerabilidad de escalada de privilegios local. Un actor malicioso con acceso administrativo al sistema local puede escalar privilegios a "root". • https://www.vmware.com/security/advisories/VMSA-2023-0020.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0633 – In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE
https://notcve.org/view.php?id=CVE-2023-0633
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0. En Docker Desktop en Windows anterior a 4.12.0, una inyección de argumento en el instalador puede provocar una escalada de privilegios local (LPE). Este problema afecta a Docker Desktop: anterior a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0627 – Docker Desktop 4.11.x allows --no-windows-containers flag bypass
https://notcve.org/view.php?id=CVE-2023-0627
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. Docker Desktop 4.11.x permite omitir el indicador --no-windows-containers a través de la suplantación de respuesta de IPC, lo que puede provocar una escalada de privilegios locales (LPE). Este problema afecta a Docker Desktop: 4.11.X. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-501: Trust Boundary Violation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41419 – python-gevent: privilege escalation via a crafted script to the WSGIServer component
https://notcve.org/view.php?id=CVE-2023-41419
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. • https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c https://github.com/gevent/gevent/issues/1989 https://access.redhat.com/security/cve/CVE-2023-41419 https://bugzilla.redhat.com/show_bug.cgi?id=2240651 • CWE-269: Improper Privilege Management •