CVSS: 5.0EPSS: %CPEs: -EXPL: 0CVE-2024-11483 – Automation-gateway: improper scope handling in oauth2 tokens for aap 2.5
https://notcve.org/view.php?id=CVE-2024-11483
This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. • https://access.redhat.com/security/cve/CVE-2024-11483 https://bugzilla.redhat.com/show_bug.cgi?id=2327579 https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38118 – Possible Local Privilege Escalation Vulnerability in OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38118
Possible improper input validation Vulnerability in iManager has been discovered in OpenTextâ„¢ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-250: Execution with Unnecessary Privileges •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-50657
https://notcve.org/view.php?id=CVE-2024-50657
An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method • https://drive.google.com/drive/folders/1C-ZYjYhmKRGvWs9YN51XOiAS2WxxwdQd?usp=sharing https://github.com/SAHALLL/CVE-2024-50657 •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-50965
https://notcve.org/view.php?id=CVE-2024-50965
Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script • https://openjournaltheme.com/urgent-critical-vulnerabilities-in-3-3-0-18-upgrade-your-ojs-now • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-9477
https://notcve.org/view.php?id=CVE-2018-9477
This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-294: Authentication Bypass by Capture-replay •