
CVSS: 7.3 • EPSS: 0% • CPEs: - • EXPL: 0

This could allow an authenticated remote attacker to escalate their privileges on the devices. • https://cert-portal.siemens.com/productcert/html/ssa-087301.html • CWE-488: Exposure of Data Element to Wrong Session

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

Windows Update Stack Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38163 • CWE-284: Improper Access Control

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. • https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes • https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes • CWE-269: Improper Privilege Management

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. • https://gccybermonks.com/posts/defectdojo • CWE-269: Improper Privilege Management

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. • https://github.com/jupyterhub/jupyterhub/commit/99e2720b0fc626cbeeca3c6337f917fdacfaa428 • https://github.com/jupyterhub/jupyterhub/commit/ff2db557a85b6980f90c3158634bf924063ab8ba • https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-9x4q-3gxw-849f • CWE-274: Improper Handling of Insufficient Privileges