CVSS: 6.0EPSS: 0%CPEs: -EXPL: 1CVE-2024-27631
https://notcve.org/view.php?id=CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php Vulnerabilidad de Cross Site Request Forgery en GNU Savane v.3.12 y anteriores permite a un atacante remoto escalar privilegios a través de siteadmin/usergroup.php • https://github.com/ally-petitt/CVE-2024-27631 https://git.savannah.nongnu.org/cgit/administration/savane.git/commit/?h=i18n&id=d3962d3feb75467489b869204db98e2dffaaaf09 https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: -EPSS: 0%CPEs: -EXPL: 1CVE-2024-27632
https://notcve.org/view.php?id=CVE-2024-27632
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. • https://github.com/ally-petitt/CVE-2024-27632 https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27488
https://notcve.org/view.php?id=CVE-2024-27488
Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. • https://gist.github.com/tr4pmaker/44442d6f068458175213f4ba71da1312 • CWE-259: Use of Hard-coded Password •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25029 – IBM Personal Communications code execution
https://notcve.org/view.php?id=CVE-2024-25029
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). ... IBM Personal Communications 14.0.6 a 15.0.1 incluye un servicio de Windows que es vulnerable a la ejecución remota de código (RCE) y a la escalada de privilegios local (LPE). • https://exchange.xforce.ibmcloud.com/vulnerabilities/281619 https://www.ibm.com/support/pages/node/7147672 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31083 – Xorg-x11-server: use-after-free in procrenderaddglyphs
https://notcve.org/view.php?id=CVE-2024-31083
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • http://www.openwall.com/lists/oss-security/2024/04/03/13 http://www.openwall.com/lists/oss-security/2024/04/12/10 https://access.redhat.com/errata/RHSA-2024:1785 https://access.redhat.com/errata/RHSA-2024:2036 https://access.redhat.com/errata/RHSA-2024:2037 https://access.redhat.com/errata/RHSA-2024:2038 https://access.redhat.com/errata/RHSA-2024:2039 https://access.redhat.com/errata/RHSA-2024:2040 https://access.redhat.com/errata/RHSA-2024:2041 https:// • CWE-416: Use After Free •