CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55509
https://notcve.org/view.php?id=CVE-2024-55509
20 Dec 2024 — SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. • https://github.com/prithivilakshmanan/CSV/blob/main/CVE-2024-55509.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-12786 – X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management
https://notcve.org/view.php?id=CVE-2024-12786
19 Dec 2024 — The manipulation leads to improper privilege management. ... Durch das Manipulieren mit unbekannten Daten kann eine improper privilege management-Schwachstelle ausgenutzt werden. • https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12831 – Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12831
19 Dec 2024 — Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. ... An attacker can leverage this to escalate privileges to resources normally protected from the user. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1720 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47040 – Use After Free in the android.hardware.radio.sap.ISap/slot2 service
https://notcve.org/view.php?id=CVE-2024-47040
18 Dec 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. ... This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-11-01 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55505
https://notcve.org/view.php?id=CVE-2024-55505
18 Dec 2024 — An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. • https://github.com/CV1523/CVEs/blob/main/CVE-2024-55505.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4762
https://notcve.org/view.php?id=CVE-2024-4762
16 Dec 2024 — An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. • https://support.lenovo.co/us/en/product_security/LEN-174319 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31891 – IBM Storage Scale privilege escalation
https://notcve.org/view.php?id=CVE-2024-31891
14 Dec 2024 — IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. • https://www.ibm.com/support/pages/node/7178098 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12552 – Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12552
12 Dec 2024 — Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the conte... • https://cdn.wacom.com/u/productsupport/drivers/win/professional/releasenotes/Windows_6.4.8-2.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11598
https://notcve.org/view.php?id=CVE-2024-11598
11 Dec 2024 — Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Application-Control-CVE-2024-11598 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11597
https://notcve.org/view.php?id=CVE-2024-11597
11 Dec 2024 — Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Performance-Manager-CVE-2024-11597 • CWE-276: Incorrect Default Permissions •