CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41602
https://notcve.org/view.php?id=CVE-2024-41602
19 Jul 2024 — Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL Vulnerabilidad de falsificación de solicitudes entre sitios en Spina CMS v.2.18.0 y anteriores permite a un atacante remoto escalar privilegios a través de una URL manipulada • https://github.com/topsky979/Security-Collections/tree/main/CVE-2024-41602 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30473
https://notcve.org/view.php?id=CVE-2024-30473
18 Jul 2024 — Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. • https://www.dell.com/support/kbdoc/en-us/000227051/dsa-2024-239-security-update-dell-ecs-3-8-1-1-for-multiple-security-vulnerabilities • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34013
https://notcve.org/view.php?id=CVE-2024-34013
18 Jul 2024 — Local privilege escalation due to OS command injection vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7035 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-34729 – PowerVR Dangling Page Table Entry
https://notcve.org/view.php?id=CVE-2024-34729
18 Jul 2024 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://packetstorm.news/files/id/179593 •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21164 – Oracle VirtualBox EHCI USB Controller Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21164
16 Jul 2024 — This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2024.html •
CVSS: 7.0EPSS: 0%CPEs: 24EXPL: 0CVE-2024-6655 – Gtk3: gtk2: library injection from cwd
https://notcve.org/view.php?id=CVE-2024-6655
16 Jul 2024 — If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges. • https://access.redhat.com/errata/RHSA-2024:6963 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40505
https://notcve.org/view.php?id=CVE-2024-40505
16 Jul 2024 — Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. La vulnerabilidad de Directory Traversal en el firmware D-Link DAP-1650 v.1.03 permite a un atacante local escalar privilegios a través del componente hedwig.cgi. **UNSUPPORTED WHEN ASSIGNED** Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalatePath Traversal: ' •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39819 – Zoom Workplace Apps and SDK for Windows - Improper Privilege Management
https://notcve.org/view.php?id=CVE-2024-39819
15 Jul 2024 — Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access. La gestión inadecuada de privilegios en el instalador de algunas aplicaciones de Zoom Workplace y SDK para Windows puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso local. • https://www.zoom.com/en/trust/security-bulletin/zsb-24026 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27238 – Zoom Apps and SDKs - Race Condition
https://notcve.org/view.php?id=CVE-2024-27238
15 Jul 2024 — Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. La condición de ejecución en el instalador de algunas aplicaciones de Zoom y SDK para Windows anteriores a la versión 6.0.0 puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso local. • https://www.zoom.com/en/trust/security-bulletin/zsb-24021 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27240 – Zoom Apps for Windows - Improper Input Validation
https://notcve.org/view.php?id=CVE-2024-27240
15 Jul 2024 — Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access. Una validación de entrada incorrecta en el instalador de algunas aplicaciones de Zoom para Windows puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso local. • https://www.zoom.com/en/trust/security-bulletin/zsb-24019 • CWE-20: Improper Input Validation •