CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48985
https://notcve.org/view.php?id=CVE-2023-48985
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component. • https://www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-21371 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21371
Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21371 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 7CVE-2024-21338 – Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2024-21338
Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. • https://www.exploit-db.com/exploits/51946 https://github.com/varwara/CVE-2024-21338 https://github.com/Crowdfense/CVE-2024-21338 https://github.com/hakaioffsec/CVE-2024-21338 https://github.com/Zombie-Kaiser/CVE-2024-21338-x64-build- https://github.com/UMU618/CVE-2024-21338 https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22042
https://notcve.org/view.php?id=CVE-2024-22042
This could be exploited by an attacker to perform a local privilege escalation attack. ... Un atacante podría aprovechar esto para realizar un ataque de escalada de privilegios local. • https://cert-portal.siemens.com/productcert/html/ssa-543502.html • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-50236
https://notcve.org/view.php?id=CVE-2023-50236
An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM. ... Un atacante con acceso local podría aprovechar esta vulnerabilidad para escalar privilegios a NT AUTHORITY\SYSTEM. • https://cert-portal.siemens.com/productcert/html/ssa-871717.html • CWE-276: Incorrect Default Permissions •