CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Nov 2024 — The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. • https://pentraze.com/vulnerability-reports • CWE-863: Incorrect Authorization •

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Nov 2024 — Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. • https://github.com/mlflow/mlflow/pull/10874 • CWE-276: Incorrect Default Permissions • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

25 Nov 2024 — This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. • https://access.redhat.com/security/cve/CVE-2024-11483 • CWE-284: Improper Access Control •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Nov 2024 — A possible improper input validation vulnerability has been discovered in OpenText™ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-250: Execution with Unnecessary Privileges •

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 1

22 Nov 2024 — An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method. • https://github.com/SAHALLL/CVE-2024-50657 • CWE-276: Incorrect Default Permissions •

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

22 Nov 2024 — Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script. • https://openjournaltheme.com/urgent-critical-vulnerabilities-in-3-3-0-18-upgrade-your-ojs-now • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-294: Authentication Bypass by Capture-replay •

CVSS: 8.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

20 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

20 Nov 2024 — This could lead to local escalation of privilege in the system server with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-787: Out-of-bounds Write •

CVSS: 8.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

20 Nov 2024 — This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-787: Out-of-bounds Write •