CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-47906
https://notcve.org/view.php?id=CVE-2024-47906
12 Nov 2024 — Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges. Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-267: Privilege Defined With Unsafe Actions CWE-426: Untrusted Search Path •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-29119
https://notcve.org/view.php?id=CVE-2024-29119
12 Nov 2024 — The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-616032.html • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47595 – Local Privilege Escalation in SAP Host Agent
https://notcve.org/view.php?id=CVE-2024-47595
12 Nov 2024 — An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3509619 • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-51093
https://notcve.org/view.php?id=CVE-2024-51093
12 Nov 2024 — Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files. • https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51094
https://notcve.org/view.php?id=CVE-2024-51094
12 Nov 2024 — An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the file /account/profile of the component "Name" field value under "Edit Your Profile". • https://gist.githubusercontent.com/Tommywarren/b3a6c6ae5a93dd67c863313f71f53a76/raw/ddff8cbbab5179f680ba3f5e94fc080575ad8913/CVE-2024-51094 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6871 – G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6871
12 Nov 2024 — G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. ... An attacker can leverage this vulnerability to esca... • https://www.zerodayinitiative.com/advisories/ZDI-24-1486 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-50592 – Local Privilege Escalation via Race Condition
https://notcve.org/view.php?id=CVE-2024-50592
08 Nov 2024 — HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. • https://hasomed.de/produkte/elefant • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50593 – Hardcoded Service Password
https://notcve.org/view.php?id=CVE-2024-50593
08 Nov 2024 — HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. • https://hasomed.de/produkte/elefant • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50591 – Local Privilege Escalation via Command Injection
https://notcve.org/view.php?id=CVE-2024-50591
08 Nov 2024 — HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. • https://hasomed.de/produkte/elefant • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50590 – Local Privilege Escalation via Weak Service Binary Permissions
https://notcve.org/view.php?id=CVE-2024-50590
08 Nov 2024 — HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. • https://hasomed.de/produkte/elefant • CWE-250: Execution with Unnecessary Privileges CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •