CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-27525
https://notcve.org/view.php?id=CVE-2024-27525
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. • https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c https://www.less-secure.com/2024/10/chamilo-lms-cve-2024-27524-cve-2024.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48200
https://notcve.org/view.php?id=CVE-2024-48200
An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe) • https://gist.github.com/ahmedsherif/ad56cd3a9ef86cdc05175fb591804c64 https://mobaxterm.mobatek.net/download-home-edition.html •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. ... Debido a que el tamaño de asignación no se rastrea correctamente en _XkbSetCompatMap, un atacante local podría desencadenar una condición de desbordamiento de búfer a través de un payload especialmente manipulado, lo que provocaría una denegación de servicio o una escalada de privilegios locales en distribuciones donde el servidor X.org se ejecuta con privilegios de root. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2024-9632 https://bugzilla.redhat.com/show_bug.cgi?id=2317233 https://access.redhat.com/errata/RHSA-2024:8798 https://access.redhat.com/errata/RHSA-2024:9579 https://access.redhat.com/errata/RHSA-2024:9601 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48271
https://notcve.org/view.php?id=CVE-2024-48271
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack. • https://gist.github.com/stevenyu113228/e264c145d6e6e6b59cf53fddc27409ad#1--predictable-administrator-credentials-in-d-link-dsl6740c-modem https://www.dlink.com/en/security-bulletin • CWE-521: Weak Password Requirements •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51425
https://notcve.org/view.php?id=CVE-2024-51425
Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remote attacker to escalate privileges via the WaterToken Contract. • https://github.com/Wzy-source/Gala/blob/main/CVEs/WaterToken_0x8890963266f895aca11fbe4679a1f9cc472f6531.md • CWE-863: Incorrect Authorization •