CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-51094
https://notcve.org/view.php?id=CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the file /account/profile of the component "Name" field value under "Edit Your Profile". • https://gist.githubusercontent.com/Tommywarren/b3a6c6ae5a93dd67c863313f71f53a76/raw/ddff8cbbab5179f680ba3f5e94fc080575ad8913/CVE-2024-51094 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-51093
https://notcve.org/view.php?id=CVE-2024-51093
Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files. ... This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system. • https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-6871 – G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6871
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-50592 – Local Privilege Escalation via Race Condition
https://notcve.org/view.php?id=CVE-2024-50592
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. ... HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. • https://hasomed.de/produkte/elefant https://r.sec-consult.com/hasomed • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50593 – Hardcoded Service Password
https://notcve.org/view.php?id=CVE-2024-50593
An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software. Un atacante con acceso local a el ordenador del consultorio médico puede acceder a funciones restringidas de la herramienta de servicio Elefant mediante el uso de una contraseña de "línea directa" codificada en el binario del servicio Elefant, que se envía con el software. HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. • https://hasomed.de/produkte/elefant https://r.sec-consult.com/hasomed • CWE-798: Use of Hard-coded Credentials •