CVE-2024-11483 – Automation-gateway: improper scope handling in oauth2 tokens for aap 2.5
https://notcve.org/view.php?id=CVE-2024-11483
This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. • https://access.redhat.com/security/cve/CVE-2024-11483 https://bugzilla.redhat.com/show_bug.cgi?id=2327579 https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44 • CWE-284: Improper Access Control •
CVE-2021-38118 – Possible Local Privilege Escalation Vulnerability in OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38118
Possible improper input validation Vulnerability in iManager has been discovered in OpenTextâ„¢ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-11415 – WP-Orphanage Extended <= 1.2 - Cross-Site Request Forgery to Orphan Account Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-11415
This makes it possible for unauthenticated attackers to escalate the privileges of all orphan accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/wp-orphanage-extended/trunk/wp-orphanage-extended-options.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3194570%40wp-orphanage-extended&new=3194570%40wp-orphanage-extended&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/f7ed6255-d8df-4f57-961b-1a0c21e352ac?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-50965
https://notcve.org/view.php?id=CVE-2024-50965
Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script • https://openjournaltheme.com/urgent-critical-vulnerabilities-in-3-3-0-18-upgrade-your-ojs-now • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-50657
https://notcve.org/view.php?id=CVE-2024-50657
An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method • https://drive.google.com/drive/folders/1C-ZYjYhmKRGvWs9YN51XOiAS2WxxwdQd?usp=sharing https://github.com/SAHALLL/CVE-2024-50657 • CWE-276: Incorrect Default Permissions •