CVE-2023-7270 – Local Privilege Escalation via MSI installer
https://notcve.org/view.php?id=CVE-2023-7270
27 Jun 2024 — SoftMaker Office and FreeOffice suffer from a local privilege escalation vulnerability via the MSI installer. • http://seclists.org/fulldisclosure/2024/Jul/5 • CWE-266: Incorrect Privilege Assignment •
CVE-2024-39708
https://notcve.org/view.php?id=CVE-2024-39708
27 Jun 2024 — An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. • https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability • CWE-427: Uncontrolled Search Path Element •
CVE-2024-37734
https://notcve.org/view.php?id=CVE-2024-37734
26 Jun 2024 — An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter. • https://github.com/A3h1nt/CVEs/tree/main/OpenEMR • CWE-279: Incorrect Execution-Assigned Permissions •
CVE-2024-5015 – WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5015
25 Jun 2024 — This can be used to escalate privileges to Admin. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges to resources normally protected from the user. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-5009 – WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5009
25 Jun 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/sinsinology/CVE-2024-5009 • CWE-269: Improper Privilege Management •
CVE-2024-39463 – 9p: add missing locking around taking dentry fid list
https://notcve.org/view.php?id=CVE-2024-39463
25 Jun 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/154372e67d4053e56591245eb413686621941333 • CWE-416: Use After Free •
CVE-2024-30931
https://notcve.org/view.php?id=CVE-2024-30931
25 Jun 2024 — Stored Cross Site Scripting vulnerability in Emby Media Server 4.8.3.0 allows a remote attacker to escalate privileges via the notifications.html component. • https://happy-little-accidents.pages.dev/posts/CVE-2024-30931 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-6240 – Improper privilege management vulnerability in Parallels Desktop
https://notcve.org/view.php?id=CVE-2024-6240
21 Jun 2024 — An attacker could exploit this vulnerability to escalate privileges on the system. • https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop • CWE-269: Improper Privilege Management •
CVE-2024-31890 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-31890
21 Jun 2024 — IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288171 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-2003 – Local Privilege Escalation in Quarantine of ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-2003
21 Jun 2024 — Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/ca8674 • CWE-269: Improper Privilege Management •