CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42450
https://notcve.org/view.php?id=CVE-2024-42450
19 Nov 2024 — This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. ... Workarounds or Mitigation: Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict a... • https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11075 – SICK Incoming Goods Suite privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-11075
19 Nov 2024 — A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51503 – Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-51503
19 Nov 2024 — A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. • https://success.trendmicro.com/en-US/solution/KA-0018154 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-50803
https://notcve.org/view.php?id=CVE-2024-50803
19 Nov 2024 — The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges • https://github.com/Praison001/CVE-2024-50803-Redaxo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48292
https://notcve.org/view.php?id=CVE-2024-48292
18 Nov 2024 — An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. • https://github.com/Nero22k/Disclosures/blob/main/QuickHealAV/CVE-2024-48292.md • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13314
https://notcve.org/view.php?id=CVE-2017-13314
15 Nov 2024 — This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13312
https://notcve.org/view.php?id=CVE-2017-13312
15 Nov 2024 — This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13311
https://notcve.org/view.php?id=CVE-2017-13311
15 Nov 2024 — This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-13310
https://notcve.org/view.php?id=CVE-2017-13310
15 Nov 2024 — This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-49592 – McAfee Total Protection Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-49592
15 Nov 2024 — McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. ... This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. ... An attacker can leverage this vulnerability to <... • https://www.mcafee.com/support/s/article/000002516?language=en_US • CWE-427: Uncontrolled Search Path Element •