
CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Feb 2024 — As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. ... Where not possible, th... • https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

08 Feb 2024 — Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. • https://www.exploit-db.com/exploits/51963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Feb 2024 — Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. • https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023 • CWE-269: Improper Privilege Management •

CVSS: 6.7 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Feb 2024 — Certain WithSecure products allow Local Privilege Escalation. • https://www.withsecure.com/en/support/security-advisories • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Feb 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-521: Weak Password Requirements •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Feb 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-295: Improper Certificate Validation •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Feb 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-295: Improper Certificate Validation •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Feb 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Feb 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-02-01 • CWE-787: Out-of-bounds Write •

CVSS: 8.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Feb 2024 — The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. • https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 • CWE-426: Untrusted Search Path •