CVE-2023-50274 – Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50274
23 Jan 2024 — HPE OneView may allow command injection with local privilege escalation. This vulnerability allows local attackers to escalate privileges on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to explo... • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-0751 – Mozilla: Privilege escalation through devtools
https://notcve.org/view.php?id=CVE-2024-0751
23 Jan 2024 — A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. ... The Mozilla Foundation Security Advisory describes this flaw as: A malicious devtools extension could have been used to escalate privileges. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, phishing, clickjacking, ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1865689 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVE-2023-52337 – Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52337
19 Jan 2024 — An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerabi... • https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US •
CVE-2023-52338 – Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52338
19 Jan 2024 — A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local... • https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-21885 – Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent
https://notcve.org/view.php?id=CVE-2024-21885
17 Jan 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVE-2024-0229 – Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2024-0229
17 Jan 2024 — This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. ... This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVE-2024-21886 – Xorg-x11-server: heap buffer overflow in disabledevice
https://notcve.org/view.php?id=CVE-2024-21886
17 Jan 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-122: Heap-based Buffer Overflow •
CVE-2023-6816 – Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
https://notcve.org/view.php?id=CVE-2023-6816
17 Jan 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • http://www.openwall.com/lists/oss-security/2024/01/18/1 • CWE-787: Out-of-bounds Write •
CVE-2024-0507 – Privilege Escalation by Code Injection in the Management Console in GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2024-0507
16 Jan 2024 — An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. • https://github.com/convisolabs/CVE-2024-0507_CVE-2024-0200-github • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-22428
https://notcve.org/view.php?id=CVE-2024-22428
16 Jan 2024 — It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. • https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities • CWE-276: Incorrect Default Permissions •