CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27442
https://notcve.org/view.php?id=CVE-2024-27442
The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. • https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-48171
https://notcve.org/view.php?id=CVE-2023-48171
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. • https://gccybermonks.com/posts/defectdojo • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41942 – JupyterHub has a privilege escalation vulnerability with the `admin:users` scope
https://notcve.org/view.php?id=CVE-2024-41942
Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. • https://github.com/jupyterhub/jupyterhub/commit/99e2720b0fc626cbeeca3c6337f917fdacfaa428 https://github.com/jupyterhub/jupyterhub/commit/ff2db557a85b6980f90c3158634bf924063ab8ba https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-9x4q-3gxw-849f • CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-7553 – Accessing Untrusted Directory May Allow Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-7553
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. • https://jira.mongodb.org/browse/CDRIVER-5650 https://jira.mongodb.org/browse/PHPC-2369 https://jira.mongodb.org/browse/SERVER-93211 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-5290
https://notcve.org/view.php?id=CVE-2024-5290
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. • https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613 https://ubuntu.com/security/notices/USN-6945-1 https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation • CWE-427: Uncontrolled Search Path Element •