CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 12CVE-2024-1086 – Linux Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-1086
31 Jan 2024 — A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. ... The nf_tables component can be exploited to achieve local privilege escalation. Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation. • https://github.com/Notselwyn/CVE-2024-1086 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1085 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2024-1085
31 Jan 2024 — A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22938
https://notcve.org/view.php?id=CVE-2024-22938
30 Jan 2024 — Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. • https://github.com/n0Sleeper/bosscmsVuln • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2024-23940
https://notcve.org/view.php?id=CVE-2024-23940
29 Jan 2024 — Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. • https://helpcenter.trendmicro.com/en-us/article/tmka-12134 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48201
https://notcve.org/view.php?id=CVE-2023-48201
27 Jan 2024 — Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. • https://mechaneus.github.io/CVE-2023-48201.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48202
https://notcve.org/view.php?id=CVE-2023-48202
27 Jan 2024 — Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. • https://mechaneus.github.io/CVE-2023-48202.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23620 – IBM Merge Healthcare eFilm Workstation SYSTEM Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-23620
25 Jan 2024 — A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. • https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-system-privilege-escalation • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22922
https://notcve.org/view.php?id=CVE-2024-22922
25 Jan 2024 — An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php Un problema en Projectworlds Vistor Management System en PHP v.1.0 permite a un atacante remoto escalar privilegios a través de un script manipulado a la página de inicio de sesión en POST/index.php • https://github.com/keru6k/CVE-2024-22922 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43317
https://notcve.org/view.php?id=CVE-2023-43317
24 Jan 2024 — An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component. • https://github.com/amjadali-110/CVE-2023-43317 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-50274 – Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50274
23 Jan 2024 — HPE OneView may allow command injection with local privilege escalation. ... This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •