CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22922
https://notcve.org/view.php?id=CVE-2024-22922
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php Un problema en Projectworlds Vistor Management System en PHP v.1.0 permite a un atacante remoto escalar privilegios a través de un script manipulado a la página de inicio de sesión en POST/index.php • https://github.com/keru6k/CVE-2024-22922 http://projectworlds.com http://visitor.com https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43317
https://notcve.org/view.php?id=CVE-2023-43317
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component. • https://github.com/amjadali-110/CVE-2023-43317 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-50274 – Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation. HPE OneView puede permitir la inyección de comandos con escalada de privilegios local. This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this vulnerability. The specific flaw exists within the startUpgradeCommon method. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0751 – Mozilla: Privilege escalation through devtools
https://notcve.org/view.php?id=CVE-2024-0751
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. ... The Mozilla Foundation Security Advisory describes this flaw as: A malicious devtools extension could have been used to escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1865689 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0751 https://bugzilla.redhat.com/show_bug.cgi?id=2259932 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 50EXPL: 0CVE-2023-52338 – Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52338
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de link following en Trend Micro Deep Security 20.0 y Trend Micro Cloud One - Endpoint and Workload Security Agent podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-076 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •