
CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Apr 2024 — An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff. • https://github.com/sahildari/cve/blob/master/CVE-2024-31502.md • CWE-269: Improper Privilege Management

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Apr 2024 — A vulnerability that only affects GLPI-Agent installed on Windows via MSI packaging can allow a local user to cause denial of agent service by replacing the GLPI server URL with a wrong URL or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation by configuring a malicious server that provides its own deploy task payload. • https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f • CWE-20: Improper Input Validation

CVSS: 6.0 • EPSS: 0% • CPEs: 267 • EXPL: 0

24 Apr 2024 — A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

24 Apr 2024 — SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php and edit-task.php components. • https://github.com/hakkitoklu/hunt/blob/main/PHP%20Task%20Management%20System/sqli.md

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Apr 2024 — A local privilege escalation vulnerability is present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. ... This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. • https://github.com/ant-media/Ant-Media-Server/commit/9cb38500729e0ff302da0290b9cfe1ec4dd6c764 • CWE-862: Missing Authorization

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Apr 2024 — Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. • https://cxsecurity.com/issue/WLB-2024040051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Apr 2024 — The active response can be triggered by writing events either to the local `execd` queue on server or to the `ar` queue which forwards the events to agents. So, it can lead to LPE on server as root and RCE on agent as root. • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Apr 2024 — A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. • https://support.checkpoint.com/results/sk/sk182219 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Apr 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuapr2024.html

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Apr 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... The issue results from improper privilege management. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.oracle.com/security-alerts/cpuapr2024.html