CVE-2023-32484
https://notcve.org/view.php?id=CVE-2023-32484
A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. • https://www.dell.com/support/kbdoc/en-us/000216586/dsa-2023-284-security-update-for-dell-emc-enterprise-sonic-os-command-injection-vulnerability-when-using-remote-user-authentication • CWE-20: Improper Input Validation •
CVE-2024-1488 – Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2024-1488
This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. ... • https://access.redhat.com/errata/RHSA-2024:1750 https://access.redhat.com/errata/RHSA-2024:1751 https://access.redhat.com/errata/RHSA-2024:1780 https://access.redhat.com/errata/RHSA-2024:1801 https://access.redhat.com/errata/RHSA-2024:1802 https://access.redhat.com/errata/RHSA-2024:1804 https://access.redhat.com/errata/RHSA-2024:2587 https://access.redhat.com/errata/RHSA-2024:2696 https://access.redhat.com/security/cve/CVE-2024-1488 https://bugzilla.redhat.com/show • CWE-15: External Control of System or Configuration Setting •
CVE-2024-0353 – Local privilege escalation in Windows products
https://notcve.org/view.php?id=CVE-2024-0353
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed • CWE-269: Improper Privilege Management •
CVE-2023-25535
https://notcve.org/view.php?id=CVE-2023-25535
Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023. • https://www.dell.com/support/kbdoc/en-us/000211410/dell-supportassist-for-home-pcs-security-update-for-installer-executable-file-for-local-privilege-escalation-lpe-vulnerability • CWE-269: Improper Privilege Management •
CVE-2023-48986
https://notcve.org/view.php?id=CVE-2023-48986
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component. • https://www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •