CVE-2024-42028
https://notcve.org/view.php?id=CVE-2024-42028
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server. • https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7 • CWE-276: Incorrect Default Permissions •
CVE-2024-45261
https://notcve.org/view.php?id=CVE-2024-45261
Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control. • https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md • CWE-863: Incorrect Authorization •
CVE-2024-9050 – Networkmanager-libreswan: local privilege escalation via leftupdown
https://notcve.org/view.php?id=CVE-2024-9050
As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. • https://access.redhat.com/errata/RHSA-2024:8312 https://access.redhat.com/errata/RHSA-2024:8338 https://access.redhat.com/errata/RHSA-2024:8352 https://access.redhat.com/errata/RHSA-2024:8353 https://access.redhat.com/errata/RHSA-2024:8354 https://access.redhat.com/errata/RHSA-2024:8355 https://access.redhat.com/errata/RHSA-2024:8356 https://access.redhat.com/errata/RHSA-2024:8357 https://access.redhat.com/errata/RHSA-2024:8358 https://access.redhat.com/errata/RHSA • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-23862
https://notcve.org/view.php?id=CVE-2022-23862
A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. • https://github.com/mbadanoiu/CVE-2022-23862 https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf https://ysoft.com • CWE-306: Missing Authentication for Critical Function •
CVE-2024-44812
https://notcve.org/view.php?id=CVE-2024-44812
SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. • https://github.com/b1u3st0rm/CVE-2024-44812-PoC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •