CVE-2023-6154 – Local privilege escalation in Bitdefender Total Security (VA-11168)
https://notcve.org/view.php?id=CVE-2023-6154
01 Apr 2024 — A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. • https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168 • CWE-15: External Control of System or Configuration Setting •
CVE-2024-2658 – Flexera Software FlexNet Publisher Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-2658
01 Apr 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Flexera Software FlexNet Publisher. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. •
CVE-2024-29667
https://notcve.org/view.php?id=CVE-2024-29667
29 Mar 2024 — ., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter. • https://github.com/whgojp/cve-reports/wiki/CMSV6-vehicle-monitoring-platform-system-SQL-injection • CWE-269: Improper Privilege Management •
CVE-2024-23482 – ZScalerService Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-23482
26 Mar 2024 — The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2024 • CWE-20: Improper Input Validation •
CVE-2024-25420
https://notcve.org/view.php?id=CVE-2024-25420
26 Mar 2024 — An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. • https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java • CWE-273: Improper Check for Dropped Privileges •
CVE-2024-25421
https://notcve.org/view.php?id=CVE-2024-25421
26 Mar 2024 — An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. • https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-24892 – Unauthorized RCE in migration-tools
https://notcve.org/view.php?id=CVE-2024-24892
25 Mar 2024 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. • https://gitee.com/src-openeuler/migration-tools/pulls/12 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-269: Improper Privilege Management •
CVE-2024-28393
https://notcve.org/view.php?id=CVE-2024-28393
25 Mar 2024 — SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method. • https://addons.prestashop.com/fr/paiement-en-plusieurs-fois/87023-scalapay-payez-en-3-fois-sans-frais.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-28421
https://notcve.org/view.php?id=CVE-2024-28421
25 Mar 2024 — SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php. • https://gist.github.com/LioTree/003202727a61c0fb3ec3c948ab5e38f9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-29666
https://notcve.org/view.php?id=CVE-2024-29666
25 Mar 2024 — Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. • https://github.com/whgojp/cve-reports/wiki/There-is-a-weak-password-in-the-CMSV6-vehicle-monitoring-platform-system • CWE-1393: Use of Default Password •