
CVSS: 8.4 • EPSS: 0% • CPEs: 7 • EXPL: 0

27 Nov 2024 — This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-05-01 • CWE-787: Out-of-bounds Write

CVSS: 8.4 • EPSS: 0% • CPEs: 7 • EXPL: 0

27 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2018-05-01 • CWE-862: Missing Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

27 Nov 2024 — This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine Analytics Plus. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.manageengine.com/analytics-plus/CVE-2024-52323.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-276: Incorrect Default Permissions

CVSS: 8.2 • EPSS: 0% • CPEs: 3 • EXPL: 1

26 Nov 2024 — This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. • https://gitlab.com/gitlab-org/gitlab/-/issues/480494 • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

26 Nov 2024 — This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts to be passed by their absolute paths. These user- or attacker-controlled scripts or programs could then be executed by Tuned with root privileges, allowing local privilege escalation. • https://access.redhat.com/errata/RHSA-2024:10384 • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Nov 2024 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Nov 2024 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Nov 2024 — On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. • https://github.com/advisories/GHSA-x7fr-pg8f-93f5 • CWE-426: Untrusted Search Path

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Nov 2024 — This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root. • https://pentraze.com/vulnerability-reports • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Nov 2024 — The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. • https://pentraze.com/vulnerability-reports • CWE-863: Incorrect Authorization