CVE-2023-51577 – Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51577
20 Dec 2023 — Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker c... • https://www.zerodayinitiative.com/advisories/ZDI-23-1883 • CWE-749: Exposed Dangerous Method or Function •
CVE-2023-51579 – Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51579
20 Dec 2023 — Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can le... • https://www.zerodayinitiative.com/advisories/ZDI-23-1885 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-51588 – Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51588
20 Dec 2023 — Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An... • https://www.zerodayinitiative.com/advisories/ZDI-23-1893 • CWE-798: Use of Hard-coded Credentials •
CVE-2023-6932 – Use-after-free in Linux kernel's ipv4: igmp component
https://notcve.org/view.php?id=CVE-2023-6932
19 Dec 2023 — A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. ... This vulnerability may enable an attacker to provoke an application crash or potentially escalate privileges locally. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html • CWE-416: Use After Free •
CVE-2023-6931 – Out-of-bounds write in Linux kernel's Performance Events system component
https://notcve.org/view.php?id=CVE-2023-6931
19 Dec 2023 — A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. ... This may lead to a system crash, code execution, or local privilege escalation. • https://github.com/K0n9-log/CVE-2023-6931 • CWE-787: Out-of-bounds Write •
CVE-2023-49489
https://notcve.org/view.php?id=CVE-2023-49489
19 Dec 2023 — Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51 allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. • https://github.com/kalcaddle/KodExplorer/issues/526 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-49706
https://notcve.org/view.php?id=CVE-2023-49706
19 Dec 2023 — Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. • https://linotp.org/CVE-2023-49706.txt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-50226 – Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50226
19 Dec 2023 — Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. • https://github.com/kn32/parallels-file-move-privesc • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-50228 – Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50228
19 Dec 2023 — Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage... • https://kb.parallels.com/en/125013 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2023-6817 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-6817
18 Dec 2023 — A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. ... This issue may allow a local user with CAP_NET_ADMIN capability to trigger an application crash, information disclosure, or local privilege escalation. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html • CWE-416: Use After Free •