CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32050 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-32050
Windows Installer Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32050 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42082 – Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355
https://notcve.org/view.php?id=CVE-2021-42082
Local users are able to execute scripts under root privileges. • https://csirt.divd.nl/CVE-2021-42082 https://www.divd.nl/DIVD-2021-00020 https://www.osnexus.com/products/software-defined-storage https://www.wbsec.nl/osnexus https://csirt.divd.nl/DIVD-2021-00020 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30765 – Delta Electronics InfraSuite Device Master Improper Access Control
https://notcve.org/view.php?id=CVE-2023-30765
Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation. This vulnerability allows remote attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/0xfml/CVE-2023-30765 https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01 • CWE-284: Improper Access Control •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32000
https://notcve.org/view.php?id=CVE-2023-32000
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. • https://community.ui.com/releases/Security-Advisory-Bulletin-034-034/53cfcb84-b42b-4f8f-afbf-07c0ca7cabe2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24256
https://notcve.org/view.php?id=CVE-2023-24256
An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. • https://github.com/hhj4ck/JailBreakEC6/blob/main/BugReport.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •