CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0507 – Privilege Escalation by Code Injection in the Management Console in GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2024-0507
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22428
https://notcve.org/view.php?id=CVE-2024-22428
It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. ... Puede permitir que un usuario local sin privilegios escale privilegios y ejecute código arbitrario en el sistema afectado. • https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51059
https://notcve.org/view.php?id=CVE-2023-51059
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface. • https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33472
https://notcve.org/view.php?id=CVE-2023-33472
An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function. • https://hev0x.github.io/posts/scadalts-cve-2023-33472 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42463 – wazuh-logcollector integer underflow local privilege escalation
https://notcve.org/view.php?id=CVE-2023-42463
This bug introduced a stack overflow hazard that could allow a local privilege escalation. ... This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r • CWE-121: Stack-based Buffer Overflow •