CVE-2024-4605 – Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-4605
As a result they can escalate their privileges or execute arbitrary code. • https://breakdance.com/breakdance-1-7-2-now-available-security-update https://www.wordfence.com/threat-intel/vulnerabilities/id/095b23b7-71ab-41eb-b666-73df2e1a7eb4?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-29210
https://notcve.org/view.php?id=CVE-2024-29210
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. ... If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. ... • https://support.knowbe4.com/hc/en-us/articles/28959854203923-CVE-2024-29210 • CWE-269: Improper Privilege Management •
CVE-2024-32371
https://notcve.org/view.php?id=CVE-2024-32371
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. • https://github.com/chucrutis/CVE-2024-32371 https://cwe.mitre.org/data/definitions/639.html • CWE-20: Improper Input Validation •
CVE-2024-3576 – NPort 5100A Series Store XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-3576
Malicious users may use the vulnerability to get sensitive information and escalate privileges. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-246328-nport-5100a-series-store-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-29417
https://notcve.org/view.php?id=CVE-2024-29417
Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function. • https://blog.pridesec.com.br/en/horacius-unauthenticated-privilege-escalation • CWE-277: Insecure Inherited Permissions •