CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7980 – Debian Security Advisory 5757-1
https://notcve.org/view.php?id=CVE-2024-7980
21 Aug 2024 — Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7979 – Debian Security Advisory 5757-1
https://notcve.org/view.php?id=CVE-2024-7979
21 Aug 2024 — Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7977 – Debian Security Advisory 5757-1
https://notcve.org/view.php?id=CVE-2024-7977
21 Aug 2024 — Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22576
https://notcve.org/view.php?id=CVE-2023-22576
21 Aug 2024 — Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. • https://www.dell.com/support/kbdoc/en-us/000207513/dsa-2023-017-dell-emc-repository-manager-drm-security-update-for-an-improper-privilege-management-vulnerability • CWE-269: Improper Privilege Management •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38305
https://notcve.org/view.php?id=CVE-2024-38305
21 Aug 2024 — Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. • https://www.dell.com/support/kbdoc/en-us/000227899/dsa-2024-312-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28829 – Privilege escalation in mk_informix plugin
https://notcve.org/view.php?id=CVE-2024-28829
20 Aug 2024 — Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges. • https://checkmk.com/werk/16249 • CWE-272: Least Privilege Violation CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42577
https://notcve.org/view.php?id=CVE-2024-42577
20 Aug 2024 — A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. • https://gist.github.com/topsky979/20ad7b251f2905db38e7a6566b1d46cc • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42582
https://notcve.org/view.php?id=CVE-2024-42582
20 Aug 2024 — A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. • https://gist.github.com/topsky979/c0d78b257ce1e661be30de1ce9551d27 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42553
https://notcve.org/view.php?id=CVE-2024-42553
20 Aug 2024 — A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. • https://gist.github.com/topsky979/4b22a22c73b16c7c22c06d4b3f033fdc • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42579
https://notcve.org/view.php?id=CVE-2024-42579
20 Aug 2024 — A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. • https://gist.github.com/topsky979/ed59fb8b35a220dfa064a3a3cb1ecb1b • CWE-352: Cross-Site Request Forgery (CSRF) •