CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9956 – Debian Security Advisory 5793-1
https://notcve.org/view.php?id=CVE-2024-9956
15 Oct 2024 — Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21259 – Oracle VirtualBox TPM Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21259
15 Oct 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21248 – Oracle VirtualBox Shared Folders Incorrect Authorization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21248
15 Oct 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the current user on the host system. • https://www.oracle.com/security-alerts/cpuoct2024.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41344
https://notcve.org/view.php?id=CVE-2024-41344
15 Oct 2024 — A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/264 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31493
https://notcve.org/view.php?id=CVE-2023-31493
15 Oct 2024 — RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. • http://zoneminder.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-6519 – Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-6519
15 Oct 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://access.redhat.com/security/cve/CVE-2024-6519 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48821
https://notcve.org/view.php?id=CVE-2024-48821
14 Oct 2024 — Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component. • https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48822
https://notcve.org/view.php?id=CVE-2024-48822
14 Oct 2024 — Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. • https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48823
https://notcve.org/view.php?id=CVE-2024-48823
14 Oct 2024 — Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. • https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9766 – Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9766
11 Oct 2024 — Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the conte... • https://www.zerodayinitiative.com/advisories/ZDI-24-1336 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •