CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 2CVE-2024-5009 – WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5009
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. ... This vulnerability allows local attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request from a local machine in order to exploit this vulnerability. The specific flaw exists within the implementation of SetAdminPassword method. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/sinsinology/CVE-2024-5009 https://github.com/th3gokul/CVE-2024-5009 https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39463 – 9p: add missing locking around taking dentry fid list
https://notcve.org/view.php?id=CVE-2024-39463
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/154372e67d4053e56591245eb413686621941333 https://git.kernel.org/stable/c/3bb6763a8319170c2d41c4232c8e7e4c37dcacfb https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456 https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5 https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4 https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409 https://www.zerodayinitiative.com/advisories/ZDI-24-1194 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-30931
https://notcve.org/view.php?id=CVE-2024-30931
Stored Cross Site Scripting vulnerability in Emby Media Server Emby Media Server 4.8.3.0 allows a remote attacker to escalate privileges via the notifications.html component. • https://happy-little-accidents.pages.dev/posts/CVE-2024-30931 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6240 – Improper privilege management vulnerability in Parallels Desktop
https://notcve.org/view.php?id=CVE-2024-6240
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. ... An attacker could exploit this vulnerability to escalate privileges on the system. • https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31890 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-31890
IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288171 https://www.ibm.com/support/pages/node/7158240 • CWE-250: Execution with Unnecessary Privileges •