CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. ... Debido a que el tamaño de asignación no se rastrea correctamente en _XkbSetCompatMap, un atacante local podría desencadenar una condición de desbordamiento de búfer a través de un payload especialmente manipulado, lo que provocaría una denegación de servicio o una escalada de privilegios locales en distribuciones donde el servidor X.org se ejecuta con privilegios de root. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2024-9632 https://bugzilla.redhat.com/show_bug.cgi?id=2317233 https://access.redhat.com/errata/RHSA-2024:8798 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48271
https://notcve.org/view.php?id=CVE-2024-48271
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack. • https://gist.github.com/stevenyu113228/e264c145d6e6e6b59cf53fddc27409ad#1--predictable-administrator-credentials-in-d-link-dsl6740c-modem https://www.dlink.com/en/security-bulletin • CWE-521: Weak Password Requirements •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51425
https://notcve.org/view.php?id=CVE-2024-51425
Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remote attacker to escalate privileges via the WaterToken Contract. • https://github.com/Wzy-source/Gala/blob/main/CVEs/WaterToken_0x8890963266f895aca11fbe4679a1f9cc472f6531.md • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51426
https://notcve.org/view.php?id=CVE-2024-51426
Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remote attacker to escalate privileges via the _transfer function. • https://github.com/Wzy-source/Gala/blob/main/CVEs/EOTT_0x5fe0971167215aade651f76492f8489e43ceb48a.md • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42028
https://notcve.org/view.php?id=CVE-2024-42028
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server. • https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7 • CWE-276: Incorrect Default Permissions •