CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22983
https://notcve.org/view.php?id=CVE-2024-22983
28 Feb 2024 — SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. • https://github.com/keru6k/CVE-2024-22983 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50380 – Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server
https://notcve.org/view.php?id=CVE-2023-50380
27 Feb 2024 — More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. ... In theory, it might be possible to use this to escalate privileges. In theory, it might be possible to use this to escalate privileges. • http://www.openwall.com/lists/oss-security/2024/02/27/6 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22543
https://notcve.org/view.php?id=CVE-2024-22543
27 Feb 2024 — An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function. • https://mat4mee.notion.site/Leaked-SessionID-can-lead-to-authentication-bypass-on-the-Linksys-Router-E1700-f56f9c4b15e7443fa237bd1b101a18d2 • CWE-613: Insufficient Session Expiration •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49114 – Local Privilege Escalation via DLL Hijacking
https://notcve.org/view.php?id=CVE-2023-49114
26 Feb 2024 — A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met. A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some spe... • https://packetstorm.news/files/id/177387 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24402
https://notcve.org/view.php?id=CVE-2024-24402
26 Feb 2024 — An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. Un problema en Nagios XI 2024R1.01 permite a un atacante remoto escalar privilegios mediante un script manipulado al componente /usr/local/nagios/bin/npcd. • https://github.com/MAWK0235/CVE-2024-24402 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26148 – Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation
https://notcve.org/view.php?id=CVE-2024-26148
21 Feb 2024 — Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of `javascript:` protocol which can potentially trigger arbitrary client-side execution. The most extreme exploit of this flaw could occur when an admin user unknowingly clicks on a cross-site scripting URL, thereby unintentionally compromising adm... • https://github.com/pinterest/querybook/commit/bc620dabaaf13ff1dcb30af0b46a490403fb9908 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22235
https://notcve.org/view.php?id=CVE-2024-22235
21 Feb 2024 — VMware Aria Operations contains a local privilege escalation vulnerability. VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. A malicious actor with administrative access to the local system can escalate privileges to 'root'. VMware Aria Operations contiene una vulnerabilidad de escalada... • https://www.vmware.com/security/advisories/VMSA-2024-0004.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0865 – Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-0865
21 Feb 2024 — CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. ... This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of NETWORK SERVICE. CWE-798: Use of hard-coded creden... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1156 – NI FlexLogger RabbitMQ Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-1156
20 Feb 2024 — Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. Los permisos de directorio incorrectos para el servicio NI RabbitMQ compartido pueden permitir que un usuario autenticado local lea la información de configuración de RabbitMQ y potencialmente habilitar la escalada de privilegios. This vulnerability allows local attackers to escalate<... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-1155 – Incorrect permissions for shared NI SystemLink Elixir based services
https://notcve.org/view.php?id=CVE-2024-1155
20 Feb 2024 — Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. Los permisos incorrectos en los directorios de instalación para los servicios compartidos basados en SystemLink Elixir pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. This vulnerability allows local attackers t... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html • CWE-276: Incorrect Default Permissions •