CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-30988 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-30988
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254016 https://www.ibm.com/support/pages/node/7012355 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35692
https://notcve.org/view.php?id=CVE-2023-35692
This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2023-07-01 • CWE-273: Improper Check for Dropped Privileges •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38102 – NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-38102
NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025 https://www.zerodayinitiative.com/advisories/ZDI-23-914 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37849
https://notcve.org/view.php?id=CVE-2023-37849
A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. Una vulnerabilidad de secuestro de DLL en Panda Security VPN para Windows anterior a la versión v15.14.8 permite a los atacantes ejecutar código arbitrario mediante la colocación de un archivo DLL manipulado en el mismo directorio que "PANDAVPN.exe". • https://heegong.github.io/posts/Local-privilege-escalation-in-Panda-Dome-VPN-for-Windows-Installer https://www.pandasecurity.com/en/homeusers/vpn https://www.pandasecurity.com/en/support/card? • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38100 – NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-38100
NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025 https://www.zerodayinitiative.com/advisories/ZDI-23-916 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •