CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25999 – PHOENIX CONTACT: Privilege escalation in the OCPP agent service
https://notcve.org/view.php?id=CVE-2024-25999
An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. Un atacante local no autenticado puede realizar una escalada de privilegios debido a una validación de entrada incorrecta en el servicio del agente OCPP. This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-26521
https://notcve.org/view.php?id=CVE-2024-26521
HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component. • https://github.com/hackervegas001/CVE-2024-26521 https://github.com/capture0x/Phoenix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27236
https://notcve.org/view.php?id=CVE-2024-27236
This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/security/bulletin/pixel/2024-03-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27233
https://notcve.org/view.php?id=CVE-2024-27233
This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/security/bulletin/pixel/2024-03-01 • CWE-269: Improper Privilege Management •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27226
https://notcve.org/view.php?id=CVE-2024-27226
This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/security/bulletin/pixel/2024-03-01 • CWE-787: Out-of-bounds Write •