CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-22267 – VMWare Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-22267
This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28137 – PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series
https://notcve.org/view.php?id=CVE-2024-28137
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28133 – PHOENIX CONTACT: Privilege escalation in CHARX Series
https://notcve.org/view.php?id=CVE-2024-28133
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-426: Untrusted Search Path •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2020-18305
https://notcve.org/view.php?id=CVE-2020-18305
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. • https://gist.github.com/yasinyilmaz/1fe3fe58dd275edb77dcbe890fce2f2c • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4712 – Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler
https://notcve.org/view.php?id=CVE-2024-4712
This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.papercut.com/kb/Main/security-bulletin-may-2024 https://www.papercut.com/kb/Main/Security-Bulletin-May-2024 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •