CVE-2024-13058 – Authenticated, non-admin users can create storage pools via the sifi API
https://notcve.org/view.php?id=CVE-2024-13058
30 Dec 2024 — An issue exists in SoftIron HyperCloud where authenticated but non-admin users can create data pools, which could impact the performance and availability of the backend software-defined storage subsystem. This issue only affects SoftIron HyperCloud and related software products (such as VM Squared) in versions 2.3.0 up to, but not including, 2.5.0. • https://advisories.softiron.cloud • CWE-269: Improper Privilege Management CWE-400: Uncontrolled Resource Consumption •
CVE-2024-13043 – Panda Security Dome Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-13043
30 Dec 2024 — Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the co... • https://www.zerodayinitiative.com/advisories/ZDI-24-1727 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-12753 – Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12753
30 Dec 2024 — Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of ... • https://www.foxit.com/support/security-bulletins.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-9080
https://notcve.org/view.php?id=CVE-2020-9080
27 Dec 2024 — There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphone-en • CWE-269: Improper Privilege Management •
CVE-2024-12903 – Incorrect default permissions in Biamp Evoko Home
https://notcve.org/view.php?id=CVE-2024-12903
23 Dec 2024 — A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges). ... • https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-biamp-evoko-home • CWE-276: Incorrect Default Permissions •
CVE-2024-56334 – Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation
https://notcve.org/view.php?id=CVE-2024-56334
20 Dec 2024 — This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. • https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-55509
https://notcve.org/view.php?id=CVE-2024-55509
20 Dec 2024 — SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. • https://github.com/prithivilakshmanan/CSV/blob/main/CVE-2024-55509.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-37758
https://notcve.org/view.php?id=CVE-2024-37758
20 Dec 2024 — Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges. • https://medium.com/@hamzanadeem1337/unauthorized-full-vertical-privilege-escalation-in-digiteam-sales-gamification-portal-version-4-21-0-c3e3282e9053 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-12786 – X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management
https://notcve.org/view.php?id=CVE-2024-12786
19 Dec 2024 — The manipulation leads to improper privilege management. ... Manipulation with unknown data can exploit an improper privilege management vulnerability. • https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2024-12831 – Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12831
19 Dec 2024 — Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. ... An attacker can leverage this to escalate privileges to resources normally protected from the user. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1720 • CWE-863: Incorrect Authorization •