CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50380 – Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server
https://notcve.org/view.php?id=CVE-2023-50380
In theory, it might be possible to use this to escalate privileges. • http://www.openwall.com/lists/oss-security/2024/02/27/6 https://lists.apache.org/thread/qrt7mq7v7zyrh1qsh1gkg1m7clysvy32 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-22543
https://notcve.org/view.php?id=CVE-2024-22543
An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function. • https://mat4mee.notion.site/Leaked-SessionID-can-lead-to-authentication-bypass-on-the-Linksys-Router-E1700-f56f9c4b15e7443fa237bd1b101a18d2 • CWE-613: Insufficient Session Expiration •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49114 – Local Privilege Escalation via DLL Hijacking
https://notcve.org/view.php?id=CVE-2023-49114
A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met. ... Qognify VMS Client Viewer version 7.1 suffers from a local privilege escalation vulnerability via DLL hijacking. • http://seclists.org/fulldisclosure/2024/Mar/10 https://r.sec-consult.com/qognify • CWE-427: Uncontrolled Search Path Element •
CVSS: -EPSS: 0%CPEs: -EXPL: 1CVE-2024-24402
https://notcve.org/view.php?id=CVE-2024-24402
An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. • https://github.com/MAWK0235/CVE-2024-24402 https://www.nagios.com/changelog •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26586 – mlxsw: spectrum_acl_tcam: Fix stack corruption
https://notcve.org/view.php?id=CVE-2024-26586
This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/stable/c/c3ab435466d5109b2c7525a3b90107d4d9e918fc https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182 https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15 https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819 https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62 https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383 https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706 https://lists.debian.org/debian-lts-announce/2024/06/ • CWE-787: Out-of-bounds Write •