CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2023-22655 – kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R)
https://notcve.org/view.php?id=CVE-2023-22655
14 Mar 2024 — This issue may allow a malicious actor to achieve local privilege escalation when using Intel SGX or Intel TDX features. • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-693: Protection Mechanism Failure •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-06070 – Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-06070
14 Mar 2024 — Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability. •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28388
https://notcve.org/view.php?id=CVE-2024-28388
14 Mar 2024 — SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. • https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28390
https://notcve.org/view.php?id=CVE-2024-28390
14 Mar 2024 — An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. • https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28391
https://notcve.org/view.php?id=CVE-2024-28391
14 Mar 2024 — SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods. • https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50677
https://notcve.org/view.php?id=CVE-2023-50677
14 Mar 2024 — An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. • https://gist.github.com/DMIND-NLL/b61b8d8d20271adf60fc717b3b48faff • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1CVE-2024-2432 – GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-2432
13 Mar 2024 — A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. Una vulnerabilidad de escalada de privilegios (PE) en la aplicación Palo Alto Networks GlobalProtect en dispositivos Windows permite a un usuario local ejecutar programas con privilegios elevados. Sin embargo, la ejecución requiere que el usu... • https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26199 – Microsoft Office Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-26199
12 Mar 2024 — Microsoft Office Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Microsoft Office This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26002 – PHOENIX CONTACT: File ownership manipulation in CHARX Series
https://notcve.org/view.php?id=CVE-2024-26002
12 Mar 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25999 – PHOENIX CONTACT: Privilege escalation in the OCPP agent service
https://notcve.org/view.php?id=CVE-2024-25999
12 Mar 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation •