Page 12 of 3528 results (0.339 seconds)

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-9050 – Networkmanager-libreswan: local privilege escalation via leftupdown

https://notcve.org/view.php?id=CVE-2024-9050

As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. • https://access.redhat.com/errata/RHSA-2024:8312 https://access.redhat.com/errata/RHSA-2024:8338 https://access.redhat.com/errata/RHSA-2024:8352 https://access.redhat.com/errata/RHSA-2024:8353 https://access.redhat.com/errata/RHSA-2024:8354 https://access.redhat.com/errata/RHSA-2024:8355 https://access.redhat.com/errata/RHSA-2024:8356 https://access.redhat.com/errata/RHSA-2024:8357 https://access.redhat.com/errata/RHSA-2024:8358 https://access.redhat.com/errata/RHSA • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0

CVE-2022-23862

https://notcve.org/view.php?id=CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. • https://github.com/mbadanoiu/CVE-2022-23862 https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf https://ysoft.com • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1

CVE-2024-44812

https://notcve.org/view.php?id=CVE-2024-44812

SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. • https://github.com/b1u3st0rm/CVE-2024-44812-PoC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: -EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-6080 – Privilege Escalation to SYSTEM in Lakeside Software Installer

https://notcve.org/view.php?id=CVE-2023-6080

Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access. • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0009.md https://www.cve.org/CVERecord?id=CVE-2023-6080 https://www.lakesidesoftware.com • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-48920 – PutongOJ: unprivileged users can escalate privileges by constructing requests

https://notcve.org/view.php?id=CVE-2024-48920

Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. • https://github.com/acm309/PutongOJ/commit/211dfe9ebf1c6618ce5396b0338de4f9b580715e#diff-782628b47d666d5d551e040815ca3f80c0704397258718f0e0f31164608ea7beL118-R120 https://github.com/acm309/PutongOJ/releases/tag/v2.1.0-beta.1 https://github.com/acm309/PutongOJ/security/advisories/GHSA-gj6h-73c5-xw6f • CWE-306: Missing Authentication for Critical Function •