CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2024-20398 – Cisco IOS XR Software Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20398
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8012 – Ivanti Workspace Control RES Exposed Dangerous Method Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8012
This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Workspace Control. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2024-38249 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38249
Windows Graphics Component Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38249 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44893
https://notcve.org/view.php?id=CVE-2024-44893
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. • https://github.com/jeecgboot/JimuReport/issues/2904 • CWE-269: Improper Privilege Management •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-42759
https://notcve.org/view.php?id=CVE-2024-42759
An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. • https://csflabs.github.io/cve/2024/09/06/cve-2024-42759-approval-of-your-own-ticket-with-BFLA.html https://ellevo.com • CWE-592: DEPRECATED: Authentication Bypass Issues •