CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27525
https://notcve.org/view.php?id=CVE-2024-27525
01 Nov 2024 — Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. • https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48200
https://notcve.org/view.php?id=CVE-2024-48200
31 Oct 2024 — An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe) • https://gist.github.com/ahmedsherif/ad56cd3a9ef86cdc05175fb591804c64 •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
30 Oct 2024 — Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. ... This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbi... • https://access.redhat.com/security/cve/CVE-2024-9632 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51425
https://notcve.org/view.php?id=CVE-2024-51425
30 Oct 2024 — Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remote attacker to escalate privileges via the WaterToken Contract. • https://github.com/Wzy-source/Gala/blob/main/CVEs/WaterToken_0x8890963266f895aca11fbe4679a1f9cc472f6531.md • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51426
https://notcve.org/view.php?id=CVE-2024-51426
30 Oct 2024 — Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remote attacker to escalate privileges via the _transfer function. • https://github.com/Wzy-source/Gala/blob/main/CVEs/EOTT_0x5fe0971167215aade651f76492f8489e43ceb48a.md • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48271
https://notcve.org/view.php?id=CVE-2024-48271
30 Oct 2024 — D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack. • https://gist.github.com/stevenyu113228/e264c145d6e6e6b59cf53fddc27409ad#1--predictable-administrator-credentials-in-d-link-dsl6740c-modem • CWE-521: Weak Password Requirements •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42028
https://notcve.org/view.php?id=CVE-2024-42028
28 Oct 2024 — A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server. • https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45261
https://notcve.org/view.php?id=CVE-2024-45261
24 Oct 2024 — Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control. • https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-9050 – Networkmanager-libreswan: local privilege escalation via leftupdown
https://notcve.org/view.php?id=CVE-2024-9050
22 Oct 2024 — As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. • https://access.redhat.com/errata/RHSA-2024:8312 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23862
https://notcve.org/view.php?id=CVE-2022-23862
22 Oct 2024 — A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. • https://github.com/mbadanoiu/CVE-2022-23862 • CWE-306: Missing Authentication for Critical Function •