CVE-2024-21110 – Oracle VirtualBox Guest Additions Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21110
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root on the target guest system. • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-284: Improper Access Control •
CVE-2024-31760
https://notcve.org/view.php?id=CVE-2024-31760
An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component. • https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158 https://github.com/flipped-aurora/gin-vue-admin/issues/1324 https://github.com/menghaining/PoC/blob/main/gin-vue-admin/gin-vue-admin--PoC.md • CWE-266: Incorrect Privilege Assignment •
CVE-2024-31759
https://notcve.org/view.php?id=CVE-2024-31759
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. • https://1drv.ms/v/s%21AmTWEcd1YDpUjgoJ8lkA8pN8zYEJ?e=gIlbGf https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158 https://github.com/menghaining/PoC/blob/main/PublicCMS/publishCMS--PoC.md • CWE-284: Improper Access Control •
CVE-2024-23593
https://notcve.org/view.php?id=CVE-2024-23593
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2024-3772 – Regular expression denial of service in Pydantic < 2.4.0
https://notcve.org/view.php?id=CVE-2024-3772
Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. La denegación de servicio de expresión regular en Pydanic < 2.4.0, < 1.10.13 permite a atacantes remotos provocar denegación de servicio a través de una cadena de correo electrónico manipulada. A flaw was found in Pydantic, where it did not properly validate regular expressions containing white spaces. This flaw allows remote users to cause a denial of service attack via a crafted email string. • https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation https://github.com/pydantic/pydantic/pull/7360 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI https://access.redhat.com/security/cve/CVE-2024-3772 https://bugzilla.redhat.com/show_bug.cgi? • CWE-1333: Inefficient Regular Expression Complexity •