
CVE-2021-3978 – Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
https://notcve.org/view.php?id=CVE-2021-3978
29 Jan 2025 — Since the provided service definition defaults to root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service), this could provide a vector for local privilege escalation when combined with another vulnerability that causes octorpki to process a malicious TAL file. • https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85 • CWE-269: Improper Privilege Management •

CVE-2024-57395
https://notcve.org/view.php?id=CVE-2024-57395
29 Jan 2025 — Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters. • http://www.hzzcka.com • CWE-522: Insufficiently Protected Credentials •

CVE-2024-57438
https://notcve.org/view.php?id=CVE-2024-57438
29 Jan 2025 — Insecure permissions in RuoYi v4.8.0 allow authenticated attackers to escalate privileges by assigning themselves higher-level roles. • https://gitee.com/y_project/RuoYi • CWE-863: Incorrect Authorization •

CVE-2025-24826
https://notcve.org/view.php?id=CVE-2025-24826
28 Jan 2025 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-6436 • CWE-276: Incorrect Default Permissions •

CVE-2024-40677
https://notcve.org/view.php?id=CVE-2024-40677
28 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/apps/Settings/+/db26138f07db830e3fb78283d37de3c0296d93cb • CWE-862: Missing Authorization •

CVE-2024-40676
https://notcve.org/view.php?id=CVE-2024-40676
28 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://github.com/Aakashmom/frameworks_base_accounts_CVE-2024-40676 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-40672
https://notcve.org/view.php?id=CVE-2024-40672
28 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727 • CWE-281: Improper Preservation of Permissions •

CVE-2024-40669
https://notcve.org/view.php?id=CVE-2024-40669
28 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-10-01 • CWE-416: Use After Free •

CVE-2024-40651
https://notcve.org/view.php?id=CVE-2024-40651
28 Jan 2025 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-10-01 • CWE-416: Use After Free •

CVE-2024-40649
https://notcve.org/view.php?id=CVE-2024-40649
28 Jan 2025 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-10-01 • CWE-416: Use After Free •