CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20111
https://notcve.org/view.php?id=CVE-2024-20111
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 13EXPL: 0CVE-2024-20110
https://notcve.org/view.php?id=CVE-2024-20110
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 13EXPL: 0CVE-2024-20109
https://notcve.org/view.php?id=CVE-2024-20109
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 67EXPL: 0CVE-2024-20108
https://notcve.org/view.php?id=CVE-2024-20108
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 16EXPL: 0CVE-2024-20106
https://notcve.org/view.php?id=CVE-2024-20106
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.4EPSS: 0%CPEs: 25EXPL: 0CVE-2024-20104
https://notcve.org/view.php?id=CVE-2024-20104
04 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-35141 – IBM Security Verify Access privilege escalation
https://notcve.org/view.php?id=CVE-2024-35141
04 Nov 2024 — IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM Security Verify Access Docker 10.0.0 a 10.0.6 podría permitir que un usuario local aumente sus privilegios debido a la ejecución de privilegios innecesarios. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated... • https://packetstorm.news/files/id/182466 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-48336
https://notcve.org/view.php?id=CVE-2024-48336
04 Nov 2024 — The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. • https://github.com/canyie/MagiskEoP • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27525
https://notcve.org/view.php?id=CVE-2024-27525
01 Nov 2024 — Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. • https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27524
https://notcve.org/view.php?id=CVE-2024-27524
01 Nov 2024 — Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. • https://github.com/chamilo/chamilo-lms/commit/53275c152275958b33a1f87a21843daa52fb543a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •