CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-21371 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21371
13 Feb 2024 — Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21371 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22042
https://notcve.org/view.php?id=CVE-2024-22042
13 Feb 2024 — This could be exploited by an attacker to perform a local privilege escalation attack. • https://cert-portal.siemens.com/productcert/html/ssa-543502.html • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-50236
https://notcve.org/view.php?id=CVE-2023-50236
13 Feb 2024 — An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM. • https://cert-portal.siemens.com/productcert/html/ssa-871717.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22132 – Code Injection vulnerability in SAP IDES Systems
https://notcve.org/view.php?id=CVE-2024-22132
13 Feb 2024 — SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. • https://me.sap.com/notes/3421659 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24828 – Local Privilege Escalation in execuatables bundled by pkg
https://notcve.org/view.php?id=CVE-2024-24828
09 Feb 2024 — pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. • https://github.com/vercel/pkg/security/advisories/GHSA-22r3-9w55-cj54 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24308
https://notcve.org/view.php?id=CVE-2024-24308
09 Feb 2024 — SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. • https://security.friendsofpresta.org/modules/2024/02/08/boostmyshopagent.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46350
https://notcve.org/view.php?id=CVE-2023-46350
09 Feb 2024 — SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. • https://security.friendsofpresta.org/modules/2024/02/08/idxrmanufacturer.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50026
https://notcve.org/view.php?id=CVE-2023-50026
09 Feb 2024 — SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). • https://security.friendsofpresta.org/modules/2024/02/08/hsmultiaccessoriespro.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24821 – Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
https://notcve.org/view.php?id=CVE-2024-24821
08 Feb 2024 — As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. ... As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. • https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22795
https://notcve.org/view.php?id=CVE-2024-22795
08 Feb 2024 — Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. • https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023 • CWE-269: Improper Privilege Management •