CVE-2024-1155 – Incorrect permissions for shared NI SystemLink Elixir based services
https://notcve.org/view.php?id=CVE-2024-1155
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html • CWE-276: Incorrect Default Permissions •
CVE-2023-46967
https://notcve.org/view.php?id=CVE-2023-46967
Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket. • https://www.sonarsource.com/blog/pitfalls-of-desanitization-leaking-customer-data-from-osticket • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-0622 – Local privilege escalation vulnerability could affect OpenText Operations Agent on Non-Windows platforms.
https://notcve.org/view.php?id=CVE-2024-0622
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. • https://portal.microfocus.com/s/article/KM000026555?language=en_US • CWE-269: Improper Privilege Management •
CVE-2023-32484
https://notcve.org/view.php?id=CVE-2023-32484
A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. • https://www.dell.com/support/kbdoc/en-us/000216586/dsa-2023-284-security-update-for-dell-emc-enterprise-sonic-os-command-injection-vulnerability-when-using-remote-user-authentication • CWE-20: Improper Input Validation •
CVE-2024-1488 – Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2024-1488
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. • https://access.redhat.com/errata/RHSA-2024:1750 https://access.redhat.com/errata/RHSA-2024:1751 https://access.redhat.com/errata/RHSA-2024:1780 https://access.redhat.com/errata/RHSA-2024:1801 https://access.redhat.com/errata/RHSA-2024:1802 https://access.redhat.com/errata/RHSA-2024:1804 https://access.redhat.com/errata/RHSA-2024:2587 https://access.redhat.com/errata/RHSA-2024:2696 https://access.redhat.com/security/cve/CVE-2024-1488 https://bugzilla.redhat.com/show • CWE-15: External Control of System or Configuration Setting •