CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30759 – Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-30759
21 Apr 2023 — Nokia OneNDS 20.9 has loose sudo permissions that can allow users to escalate privileges. • https://packetstormsecurity.com/files/171971/Nokia-OneNDS-20.9-Insecure-Permissions-Privilege-Escalation.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31244 – Nokia OneNDS 17 Insecure Permissions / Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-31244
21 Apr 2023 — Nokia OneNDS 17 has loose sudo permissions that can allow users to escalate privileges. • https://packetstormsecurity.com/files/171970/Nokia-OneNDS-17-Insecure-Permissions-Privilege-Escalation.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47505 – SolarWinds Platform Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-47505
21 Apr 2023 — The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. ... This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2176 – kernel: Slab-out-of-bound read in compare_netdev_and_ip
https://notcve.org/view.php?id=CVE-2023-2176
20 Apr 2023 — This flaw allows a local user to crash or escalate privileges on the system. • https://security.netapp.com/advisory/ntap-20230609-0005 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1900 – Avira Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1900
19 Apr 2023 — Issue was fixed with Endpointprotection.exe version 1.0.2303.633 This vulnerability allows local attackers to escalate privileges on affected installations of Avira Free Antivirus. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28122
https://notcve.org/view.php?id=CVE-2023-28122
19 Apr 2023 — A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33975
https://notcve.org/view.php?id=CVE-2021-33975
19 Apr 2023 — Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges. • https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25554
https://notcve.org/view.php?id=CVE-2023-25554
18 Apr 2023 — A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21990 – Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-21990
18 Apr 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuapr2023.html • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-21987 – Oracle VirtualBox TPM MMIO Handling Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-21987
18 Apr 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://github.com/chunzhennn/cve-2023-21987-poc • CWE-269: Improper Privilege Management •