CVE-2024-6519 – Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-6519
This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://access.redhat.com/security/cve/CVE-2024-6519 https://bugzilla.redhat.com/show_bug.cgi?id=2292089 https://www.zerodayinitiative.com/advisories/ZDI-24-1382 • CWE-416: Use After Free •
CVE-2023-31493
https://notcve.org/view.php?id=CVE-2023-31493
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. • http://zoneminder.com https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-49219 – WordPress RS-Members plugin <= 1.0.3 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-49219
This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. • https://patchstack.com/database/vulnerability/rs-members/wordpress-rs-members-plugin-1-0-3-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment •
CVE-2024-48823
https://notcve.org/view.php?id=CVE-2024-48823
Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. • https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software •
CVE-2024-48821
https://notcve.org/view.php?id=CVE-2024-48821
Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component. • https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software •