
CVE-2018-9344
https://notcve.org/view.php?id=CVE-2018-9344
19 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-416: Use After Free •

CVE-2018-9339
https://notcve.org/view.php?id=CVE-2018-9339
19 Nov 2024 — In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-704: Incorrect Type Conversion or Cast •

CVE-2018-9338
https://notcve.org/view.php?id=CVE-2018-9338
19 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://github.com/Pazhanivelmani/frameworks_base_Android_6.0.1_r22_CVE-2018-9338 • CWE-787: Out-of-bounds Write •

CVE-2023-21270
https://notcve.org/view.php?id=CVE-2023-21270
19 Nov 2024 — This could lead to local escalation of privilege with User execution privileges needed. • https://source.android.com/security/bulletin/2023-08-01 • CWE-276: Incorrect Default Permissions •

CVE-2024-48992 – Ubuntu Security Notice USN-7117-3
https://notcve.org/view.php?id=CVE-2024-48992
19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by trick... • https://packetstorm.news/files/id/182765 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-48991 – Ubuntu Security Notice USN-7117-3
https://notcve.org/view.php?id=CVE-2024-48991
19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). • https://packetstorm.news/files/id/182765 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2024-48990 – Ubuntu Security Notice USN-7117-3
https://notcve.org/view.php?id=CVE-2024-48990
19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by ... • https://packetstorm.news/files/id/183464 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-11003 – Ubuntu Security Notice USN-7117-3
https://notcve.org/view.php?id=CVE-2024-11003
19 Nov 2024 — This could allow a local attacker to execute arbitrary shell commands. ... The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby inter... • https://packetstorm.news/files/id/182765 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-42450
https://notcve.org/view.php?id=CVE-2024-42450
19 Nov 2024 — This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. ... Workarounds or Mitigation: Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict a... • https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3 • CWE-798: Use of Hard-coded Credentials •

CVE-2024-11075 – SICK Incoming Goods Suite privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-11075
19 Nov 2024 — A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) to escalate privileges to the administrative level, due to the use of component vendor Docker images running with root permissions. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-250: Execution with Unnecessary Privileges •