
CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 1

19 Nov 2024 — The mediapool feature of the Redaxo Core CMS application v5.17.1 is vulnerable to Cross Site Scripting (XSS), which allows a remote attacker to escalate privileges • https://github.com/Praison001/CVE-2024-50803-Redaxo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Nov 2024 — A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. • https://success.trendmicro.com/en-US/solution/KA-0018154 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 45 • EXPL: 0

18 Nov 2024 — A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf • CWE-250: Execution with Unnecessary Privileges •

CVSS: 7.2 • EPSS: 0% • CPEs: 39 • EXPL: 0

18 Nov 2024 — A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. ... The vulnerability is due to incorrect privilege assignment. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-vman-kth3c82B • CWE-20: Improper Input Validation •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 1

18 Nov 2024 — Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder • https://g3tsyst3m.github.io/cve/msi/Arbitrary-Write-Privilege-Escalation-CVE-2024-50804 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Nov 2024 — An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. • https://github.com/Nero22k/Disclosures/blob/main/QuickHealAV/CVE-2024-48292.md • CWE-276: Incorrect Default Permissions •

CVSS: 8.1 • EPSS: 0% • CPEs: - • EXPL: 0

17 Nov 2024 — guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. • https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Nov 2024 — This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Nov 2024 — This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Nov 2024 — This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •