CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6619 – Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report
https://notcve.org/view.php?id=CVE-2024-6619
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-41977
https://notcve.org/view.php?id=CVE-2024-41977
This could allow an authenticated remote attacker to escalate their privileges on the devices. • https://cert-portal.siemens.com/productcert/html/ssa-087301.html • CWE-488: Exposure of Data Element to Wrong Session •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38163 – Windows Update Stack Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38163
Windows Update Stack Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38163 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27442
https://notcve.org/view.php?id=CVE-2024-27442
The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. • https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-48171
https://notcve.org/view.php?id=CVE-2023-48171
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. • https://gccybermonks.com/posts/defectdojo • CWE-269: Improper Privilege Management •