CVE-2024-22235
https://notcve.org/view.php?id=CVE-2024-22235
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. • https://www.vmware.com/security/advisories/VMSA-2024-0004.html •
CVE-2024-0865 – Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-0865
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. ... This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of NETWORK SERVICE. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf • CWE-798: Use of Hard-coded Credentials •
CVE-2024-1156 – NI FlexLogger RabbitMQ Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-1156
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html • CWE-276: Incorrect Default Permissions •
CVE-2024-1155 – Incorrect permissions for shared NI SystemLink Elixir based services
https://notcve.org/view.php?id=CVE-2024-1155
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html • CWE-276: Incorrect Default Permissions •
CVE-2023-46967
https://notcve.org/view.php?id=CVE-2023-46967
Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket. • https://www.sonarsource.com/blog/pitfalls-of-desanitization-leaking-customer-data-from-osticket • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •