CVE-2024-2390 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-2390
This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2024-05 • CWE-269: Improper Privilege Management •
CVE-2024-25227
https://notcve.org/view.php?id=CVE-2024-25227
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page. • https://github.com/thetrueartist/ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227 https://github.com/thetrueartist/ABO.CMS-Login-SQLi-CVE-2024-25227 https://thetrueartist.wixsite.com/cveblog/post/understanding-the-potential-impact-of-cve-2024-25227-what-you-need-to-know-and-how-it-was-discovered •
CVE-2023-22655 – kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R)
https://notcve.org/view.php?id=CVE-2023-22655
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. La falla del mecanismo de protección en algunos procesadores Intel(R) Xeon(R) de tercera y cuarta generación cuando se utiliza Intel(R) SGX o Intel(R) TDX puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. ... This issue may allow a malicious actor to achieve local privilege escalation when using Intel SGX or Intel TDX features. • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html https://security.netapp.com/advisory/ntap-20240405-0006 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html https://access.redhat.com/security/cve/CVE-2023-22655 https://bugzilla.redhat.com/show_bug.cgi?id=2270698 • CWE-693: Protection Mechanism Failure •
CVE-2024-06070 – Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-06070
Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability. •
CVE-2024-28391
https://notcve.org/view.php?id=CVE-2024-28391
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods. • https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html • CWE-269: Improper Privilege Management •