CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24760
https://notcve.org/view.php?id=CVE-2023-24760
16 Mar 2023 — An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController. • https://gitee.com/oufu/ofcms/issues/I6BD2Q • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2023-25280 – D-Link DIR-820 Router OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-25280
16 Mar 2023 — OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20in%20pingV4Msg • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-24861 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-24861
14 Mar 2023 — Windows Graphics Component Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24861 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-23410 – Windows HTTP.sys Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-23410
14 Mar 2023 — Windows HTTP.sys Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23410 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-25590 – Local Privilege Escalation in ClearPass OnGuard Linux Agent
https://notcve.org/view.php?id=CVE-2023-25590
14 Mar 2023 — A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25279
https://notcve.org/view.php?id=CVE-2023-25279
13 Mar 2023 — OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20In%20tools_AccountName • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27010 – Wondershare Dr Fone 12.9.6 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-27010
09 Mar 2023 — This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. • https://www.exploit-db.com/exploits/51324 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27322 – Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27322
07 Mar 2023 — Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. An attacker can leverage this vulnerability ... • https://kb.parallels.com/125013 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27323 – Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27323
07 Mar 2023 — Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. This vulnerability allows local attackers to escalate privileges on affected insta... • https://kb.parallels.com/125013 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27324 – Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27324
07 Mar 2023 — Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. This vulnerability allows local attackers to escalate privileges on affected installatio... • https://kb.parallels.com/125013 • CWE-665: Improper Initialization •