CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48987
https://notcve.org/view.php?id=CVE-2023-48987
14 Feb 2024 — Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. • https://www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-21371 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21371
13 Feb 2024 — Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21371 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 10CVE-2024-21338 – Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2024-21338
13 Feb 2024 — Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. • https://packetstorm.news/files/id/177869 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22042
https://notcve.org/view.php?id=CVE-2024-22042
13 Feb 2024 — This could be exploited by an attacker to perform a local privilege escalation attack. ... Un atacante podría aprovechar esto para realizar un ataque de escalada de privilegios local. • https://cert-portal.siemens.com/productcert/html/ssa-543502.html • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-50236
https://notcve.org/view.php?id=CVE-2023-50236
13 Feb 2024 — An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM. ... Un atacante con acceso local podría aprovechar esta vulnerabilidad para escalar privilegios a NT AUTHORITY\SYSTEM. • https://cert-portal.siemens.com/productcert/html/ssa-871717.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22132 – Code Injection vulnerability in SAP IDES Systems
https://notcve.org/view.php?id=CVE-2024-22132
13 Feb 2024 — SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. • https://me.sap.com/notes/3421659 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24828 – Local Privilege Escalation in execuatables bundled by pkg
https://notcve.org/view.php?id=CVE-2024-24828
09 Feb 2024 — On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. ... An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. ... En sistemas Unix, este es `/tmp/pkg/*` que es un directorio compartido para todos los usuarios en el mismo sistema local. ... Un atacante que tiene acceso al mismo sistema local tiene la capacidad d... • https://github.com/vercel/pkg/security/advisories/GHSA-22r3-9w55-cj54 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24308
https://notcve.org/view.php?id=CVE-2024-24308
09 Feb 2024 — SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. • https://security.friendsofpresta.org/modules/2024/02/08/boostmyshopagent.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50026
https://notcve.org/view.php?id=CVE-2023-50026
09 Feb 2024 — SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). • https://security.friendsofpresta.org/modules/2024/02/08/hsmultiaccessoriespro.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46350
https://notcve.org/view.php?id=CVE-2023-46350
09 Feb 2024 — SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. • https://security.friendsofpresta.org/modules/2024/02/08/idxrmanufacturer.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •