
CVE-2024-27134 – Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf
https://notcve.org/view.php?id=CVE-2024-27134
25 Nov 2024 — Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. • https://github.com/mlflow/mlflow/pull/10874 • CWE-276: Incorrect Default Permissions CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2024-11483 – Automation-gateway: improper scope handling in oauth2 tokens for aap 2.5
https://notcve.org/view.php?id=CVE-2024-11483
25 Nov 2024 — This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. • https://access.redhat.com/security/cve/CVE-2024-11483 • CWE-284: Improper Access Control •

CVE-2021-38118 – Possible Local Privilege Escalation Vulnerability in OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38118
22 Nov 2024 — Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-250: Execution with Unnecessary Privileges •

CVE-2024-50657
https://notcve.org/view.php?id=CVE-2024-50657
22 Nov 2024 — An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method • https://github.com/SAHALLL/CVE-2024-50657 • CWE-276: Incorrect Default Permissions •

CVE-2024-50965
https://notcve.org/view.php?id=CVE-2024-50965
20 Nov 2024 — Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script. • https://openjournaltheme.com/urgent-critical-vulnerabilities-in-3-3-0-18-upgrade-your-ojs-now • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-9477
https://notcve.org/view.php?id=CVE-2018-9477
20 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-294: Authentication Bypass by Capture-replay •

CVE-2018-9474
https://notcve.org/view.php?id=CVE-2018-9474
20 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-502: Deserialization of Untrusted Data •

CVE-2018-9471
https://notcve.org/view.php?id=CVE-2018-9471
20 Nov 2024 — This could lead to local escalation of privilege in the system server with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-787: Out-of-bounds Write •

CVE-2018-9469
https://notcve.org/view.php?id=CVE-2018-9469
20 Nov 2024 — This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-787: Out-of-bounds Write •

CVE-2024-51162
https://notcve.org/view.php?id=CVE-2024-51162
20 Nov 2024 — An issue in Audimex EE v.15.1.20 and before allows a remote attacker to escalate privileges. ... An issue in Audimex EE versions 15.1.20 and earlier allows a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. • https://en.web-audimex.com/ee-auditmanagement •