CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-29119
https://notcve.org/view.php?id=CVE-2024-29119
The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-616032.html • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47595 – Local Privilege Escalation in SAP Host Agent
https://notcve.org/view.php?id=CVE-2024-47595
An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3509619 https://url.sap/sapsecuritypatchday • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-51094
https://notcve.org/view.php?id=CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the file /account/profile of the component "Name" field value under "Edit Your Profile". • https://gist.githubusercontent.com/Tommywarren/b3a6c6ae5a93dd67c863313f71f53a76/raw/ddff8cbbab5179f680ba3f5e94fc080575ad8913/CVE-2024-51094 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-51093
https://notcve.org/view.php?id=CVE-2024-51093
Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files. • https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-6871 – G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6871
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •