CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0046
https://notcve.org/view.php?id=CVE-2024-0046
11 Mar 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/d68cab5ac1aa294ec4d0419bc0803a5577e4e43c • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 12CVE-2024-0044 – Android 12 / 13 Run-As Any App Proof of Concept
https://notcve.org/view.php?id=CVE-2024-0044
11 Mar 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://packetstorm.news/files/id/183052 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0670 – Privilege escalation in windows agent
https://notcve.org/view.php?id=CVE-2024-0670
11 Mar 2024 — Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges La escalada de privilegios en el complemento del agente de Windows en Checkmk anterior a 2.2.0p23, 2.1.0p40 y 2.0.0 (EOL) permite al usuario local escalar privilegios • http://seclists.org/fulldisclosure/2024/Mar/29 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-50015
https://notcve.org/view.php?id=CVE-2023-50015
09 Mar 2024 — An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. • https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49340
https://notcve.org/view.php?id=CVE-2023-49340
09 Mar 2024 — An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal. • https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-49340 • CWE-287: Improper Authentication CWE-1390: Weak Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28115 – Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled
https://notcve.org/view.php?id=CVE-2024-28115
07 Mar 2024 — FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. • https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2 • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51786
https://notcve.org/view.php?id=CVE-2023-51786
07 Mar 2024 — An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control. • http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51281
https://notcve.org/view.php?id=CVE-2023-51281
07 Mar 2024 — Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters. • https://github.com/geraldoalcantara/CVE-2023-51281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26566
https://notcve.org/view.php?id=CVE-2024-26566
07 Mar 2024 — An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. • http://cute.com • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49982
https://notcve.org/view.php?id=CVE-2023-49982
06 Mar 2024 — Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. • https://github.com/geraldoalcantara/CVE-2023-49982 • CWE-863: Incorrect Authorization •