CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31083 – Xorg-x11-server: use-after-free in procrenderaddglyphs
https://notcve.org/view.php?id=CVE-2024-31083
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • http://www.openwall.com/lists/oss-security/2024/04/03/13 http://www.openwall.com/lists/oss-security/2024/04/12/10 https://access.redhat.com/errata/RHSA-2024:1785 https://access.redhat.com/errata/RHSA-2024:2036 https://access.redhat.com/errata/RHSA-2024:2037 https://access.redhat.com/errata/RHSA-2024:2038 https://access.redhat.com/errata/RHSA-2024:2039 https://access.redhat.com/errata/RHSA-2024:2040 https://access.redhat.com/errata/RHSA-2024:2041 https:// • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30977
https://notcve.org/view.php?id=CVE-2024-30977
An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. • http://www.secnet.cn/newsdetail/388.html https://github.com/wodi98k/zip_crack/blob/main/SecnetAC.pdf • CWE-269: Improper Privilege Management •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27981
https://notcve.org/view.php?id=CVE-2024-27981
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earlier) . Mitigation: Update UniFi Network Application to Version 8.1.113 or later. • https://community.ui.com/releases/Security-Advisory-Bulletin-038-038/9d13fead-47de-4372-b2c1-745b8d6b0399 •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2020-25730
https://notcve.org/view.php?id=CVE-2020-25730
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php. • https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-27518 – SUPERAntiSpyware Professional X 10.0.1264 DLL Hijacking / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-27518
An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder. • https://github.com/secunnix/CVE-2024-27518 https://www.superantispyware.com https://www.youtube.com/watch?v=FM5XlZPdvdo • CWE-269: Improper Privilege Management •