CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21259 – Oracle VirtualBox TPM Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21259
15 Oct 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21248 – Oracle VirtualBox Shared Folders Incorrect Authorization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21248
15 Oct 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the current user on the host system. • https://www.oracle.com/security-alerts/cpuoct2024.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31493
https://notcve.org/view.php?id=CVE-2023-31493
15 Oct 2024 — RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. • http://zoneminder.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-6519 – Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-6519
15 Oct 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://access.redhat.com/security/cve/CVE-2024-6519 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41344
https://notcve.org/view.php?id=CVE-2024-41344
15 Oct 2024 — A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/264 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48821
https://notcve.org/view.php?id=CVE-2024-48821
14 Oct 2024 — Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component. • https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48822
https://notcve.org/view.php?id=CVE-2024-48822
14 Oct 2024 — Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. • https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48823
https://notcve.org/view.php?id=CVE-2024-48823
14 Oct 2024 — Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. • https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48827
https://notcve.org/view.php?id=CVE-2024-48827
11 Oct 2024 — An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. • https://github.com/sbondCo/Watcharr • CWE-613: Insufficient Session Expiration •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45316 – SonicWALL Connect Tunnel Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-45316
11 Oct 2024 — The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL Connect Tunnel. ... An attacker can leverage this vulnerability to escalate privileges and e... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •