CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28390
https://notcve.org/view.php?id=CVE-2024-28390
An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. • https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-50677
https://notcve.org/view.php?id=CVE-2023-50677
An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. • https://gist.github.com/DMIND-NLL/b61b8d8d20271adf60fc717b3b48faff • CWE-269: Improper Privilege Management •
CVSS: 4.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-2432 – GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-2432
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. Una vulnerabilidad de escalada de privilegios (PE) en la aplicación Palo Alto Networks GlobalProtect en dispositivos Windows permite a un usuario local ejecutar programas con privilegios elevados. Sin embargo, la ejecución requiere que el usuario local pueda aprovechar con éxito una condición de ejecución. • https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP https://security.paloaltonetworks.com/CVE-2024-2432 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-26199 – Microsoft Office Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-26199
Microsoft Office Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Microsoft Office This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26002 – PHOENIX CONTACT: File ownership manipulation in CHARX Series
https://notcve.org/view.php?id=CVE-2024-26002
An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files. Una validación de entrada incorrecta en Qualcom plctool permite a un atacante local con privilegios bajos obtener acceso de root cambiando la propiedad de archivos específicos. This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation •