CVE-2024-7248 – Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7248
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-953 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-40396
https://notcve.org/view.php?id=CVE-2023-40396
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213936 https://support.apple.com/en-us/HT213937 https://support.apple.com/en-us/HT213938 https://support.apple.com/en-us/HT213940 •
CVE-2023-42959
https://notcve.org/view.php?id=CVE-2023-42959
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213940 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2024-6726 – Remote Code Execution (RCE) in Delphix
https://notcve.org/view.php?id=CVE-2024-6726
Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE). • https://portal.perforce.com/s/detail/a91PA000001SUDtYAO • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-41799 – tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
https://notcve.org/view.php?id=CVE-2024-41799
A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. The ability to execute this kind of attack is a known side effect of having privileged TGS users, but normally requires multiple privileges with known weaknesses. This vector is not intentional as it does not require control over the where deployment code is sourced from and _may_ not require remote write access to an instance's `Configuration` directory. • https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4 https://github.com/tgstation/tgstation-server/pull/1835 https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •