CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48336
https://notcve.org/view.php?id=CVE-2024-48336
The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. • https://github.com/canyie/MagiskEoP https://github.com/topjohnwu/Magisk/commit/c2eb6039579b8a2fb1e11a753cea7662c07bec02 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-27524
https://notcve.org/view.php?id=CVE-2024-27524
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. • https://github.com/chamilo/chamilo-lms/commit/53275c152275958b33a1f87a21843daa52fb543a https://www.less-secure.com/2024/10/chamilo-lms-cve-2024-27524-cve-2024.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-27525
https://notcve.org/view.php?id=CVE-2024-27525
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. • https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c https://www.less-secure.com/2024/10/chamilo-lms-cve-2024-27524-cve-2024.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48200
https://notcve.org/view.php?id=CVE-2024-48200
An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe) • https://gist.github.com/ahmedsherif/ad56cd3a9ef86cdc05175fb591804c64 https://mobaxterm.mobatek.net/download-home-edition.html •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. ... Debido a que el tamaño de asignación no se rastrea correctamente en _XkbSetCompatMap, un atacante local podría desencadenar una condición de desbordamiento de búfer a través de un payload especialmente manipulado, lo que provocaría una denegación de servicio o una escalada de privilegios locales en distribuciones donde el servidor X.org se ejecuta con privilegios de root. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2024-9632 https://bugzilla.redhat.com/show_bug.cgi?id=2317233 https://access.redhat.com/errata/RHSA-2024:10090 https://access.redhat.com/errata/RHSA-2024:8798 https://access.redhat.com/errata/RHSA-2024:9540 https://access.redhat.com/errata/RHSA-2024:9579 https://access.redhat.com/errata/RHSA-2024:9601 https://access.redhat.com/errata/RHSA-2024:9690 https://access.redhat.com/errata/RHSA-2024:9816 https://access.redhat.com/e • CWE-122: Heap-based Buffer Overflow •