CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9677
https://notcve.org/view.php?id=CVE-2024-9677
22 Oct 2024 — The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-44812
https://notcve.org/view.php?id=CVE-2024-44812
22 Oct 2024 — SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. • https://github.com/b1u3st0rm/CVE-2024-44812-PoC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23862
https://notcve.org/view.php?id=CVE-2022-23862
22 Oct 2024 — A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. • https://github.com/mbadanoiu/CVE-2022-23862 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6080 – Privilege Escalation to SYSTEM in Lakeside Software Installer
https://notcve.org/view.php?id=CVE-2023-6080
18 Oct 2024 — Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access. • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0009.md • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48920 – PutongOJ: unprivileged users can escalate privileges by constructing requests
https://notcve.org/view.php?id=CVE-2024-48920
17 Oct 2024 — Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. • https://github.com/acm309/PutongOJ/commit/211dfe9ebf1c6618ce5396b0338de4f9b580715e#diff-782628b47d666d5d551e040815ca3f80c0704397258718f0e0f31164608ea7beL118-R120 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49389
https://notcve.org/view.php?id=CVE-2024-49389
17 Oct 2024 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-5319 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49390
https://notcve.org/view.php?id=CVE-2024-49390
17 Oct 2024 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-5845 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49391
https://notcve.org/view.php?id=CVE-2024-49391
17 Oct 2024 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7220 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48903 – Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-48903
17 Oct 2024 — An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0017997 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45710 – SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-45710
16 Oct 2024 — SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. ... Esto requiere una cuenta con privilegios bajos y acceso local a la máquina del nodo afectado. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45710 • CWE-427: Uncontrolled Search Path Element •