CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-1155 – Incorrect permissions for shared NI SystemLink Elixir based services
https://notcve.org/view.php?id=CVE-2024-1155
20 Feb 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46967
https://notcve.org/view.php?id=CVE-2023-46967
20 Feb 2024 — Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket. • https://www.sonarsource.com/blog/pitfalls-of-desanitization-leaking-customer-data-from-osticket • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-0622 – Local privilege escalation vulnerability could affect OpenText Operations Agent on Non-Windows platforms.
https://notcve.org/view.php?id=CVE-2024-0622
15 Feb 2024 — Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. ... Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. • https://portal.microfocus.com/s/article/KM000026555?language=en_US • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32484
https://notcve.org/view.php?id=CVE-2023-32484
15 Feb 2024 — A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. • https://www.dell.com/support/kbdoc/en-us/000216586/dsa-2023-284-security-update-for-dell-emc-enterprise-sonic-os-command-injection-vulnerability-when-using-remote-user-authentication • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 0%CPEs: 20EXPL: 0CVE-2024-1488 – Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2024-1488
15 Feb 2024 — A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. Se encontr... • https://access.redhat.com/errata/RHSA-2024:1750 • CWE-15: External Control of System or Configuration Setting •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2024-0353 – Local privilege escalation in Windows products
https://notcve.org/view.php?id=CVE-2024-0353
15 Feb 2024 — Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. ... This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25535
https://notcve.org/view.php?id=CVE-2023-25535
14 Feb 2024 — Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023 La versión del archivo ejecutable del instalador de Dell SupportAssist para PC domésticas anterior a 3.13.2.19 utilizado para la instalación inicial tiene una alta vulnerabilidad que puede resultar en una escalada de pr... • https://www.dell.com/support/kbdoc/en-us/000211410/dell-supportassist-for-home-pcs-security-update-for-installer-executable-file-for-local-privilege-escalation-lpe-vulnerability • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48985
https://notcve.org/view.php?id=CVE-2023-48985
14 Feb 2024 — Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component. • https://www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48986
https://notcve.org/view.php?id=CVE-2023-48986
14 Feb 2024 — Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component. • https://www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48987
https://notcve.org/view.php?id=CVE-2023-48987
14 Feb 2024 — Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. • https://www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •