CVE-2024-4395 – Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-4395
27 Jun 2024 — The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. • https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf • CWE-269: Improper Privilege Management •
CVE-2023-38370 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38370
27 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions •
CVE-2023-38368 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38368
27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user due to improper permission controls. ... IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnera... • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions CWE-863: Incorrect Authorization •
CVE-2023-30997 – IBM Security Access Manager Docker privilege escalation
https://notcve.org/view.php?id=CVE-2023-30997
27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. ... IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-250: Execution with Unnecessary Privileges •
CVE-2023-30998 – IBM Security Access Manager Docker privilege escalation
https://notcve.org/view.php?id=CVE-2023-30998
27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. ... IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-250: Execution with Unnecessary Privileges •
CVE-2023-7270 – Local Privilege Escalation via MSI installer
https://notcve.org/view.php?id=CVE-2023-7270
27 Jun 2024 — This allows a local, low-privileged attacker to use a chain of actions to open a fully functional cmd.exe with the privileges of the SYSTEM user. ... It was discovered that the SoftMaker Office and FreeOffice MSI installer files produced a visible conhost.exe window running as the SYSTEM user when using the function for re... • https://packetstorm.news/files/id/179360 • CWE-266: Incorrect Privilege Assignment •
CVE-2024-39708
https://notcve.org/view.php?id=CVE-2024-39708
27 Jun 2024 — An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. • https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.1-combined.htm • CWE-427: Uncontrolled Search Path Element •
CVE-2024-37734
https://notcve.org/view.php?id=CVE-2024-37734
26 Jun 2024 — An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter. • https://github.com/A3h1nt/CVEs/tree/main/OpenEMR • CWE-279: Incorrect Execution-Assigned Permissions •
CVE-2024-5015 – WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5015
25 Jun 2024 — This can be used to escalate privileges to Admin. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges to resources normally protected from the user. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-5009 – WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5009
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. ... This vulnerability allows local attackers to escalate privileges onPrivilege Management •