CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28115 – Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled
https://notcve.org/view.php?id=CVE-2024-28115
07 Mar 2024 — FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. • https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2 • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51786
https://notcve.org/view.php?id=CVE-2023-51786
07 Mar 2024 — An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control. • http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51281
https://notcve.org/view.php?id=CVE-2023-51281
07 Mar 2024 — Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters. • https://github.com/geraldoalcantara/CVE-2023-51281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26566
https://notcve.org/view.php?id=CVE-2024-26566
07 Mar 2024 — An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. • http://cute.com • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49982
https://notcve.org/view.php?id=CVE-2023-49982
06 Mar 2024 — Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. • https://github.com/geraldoalcantara/CVE-2023-49982 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27764
https://notcve.org/view.php?id=CVE-2024-27764
05 Mar 2024 — An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. • https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 • CWE-27: Path Traversal: 'dir/../.. •
CVSS: 6.7EPSS: 0%CPEs: 31EXPL: 0CVE-2024-20037
https://notcve.org/view.php?id=CVE-2024-20037
04 Mar 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2024 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20034
https://notcve.org/view.php?id=CVE-2024-20034
04 Mar 2024 — In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. ... Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://corp.mediatek.com/product-security-bulletin/March-2024 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 35EXPL: 0CVE-2024-20032
https://notcve.org/view.php?id=CVE-2024-20032
04 Mar 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2024 • CWE-862: Missing Authorization •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20029
https://notcve.org/view.php?id=CVE-2024-20029
04 Mar 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2024 • CWE-787: Out-of-bounds Write •