CVE-2024-31953
https://notcve.org/view.php?id=CVE-2024-31953
Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. • https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31953 • CWE-269: Improper Privilege Management •
CVE-2024-29513
https://notcve.org/view.php?id=CVE-2024-29513
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates. Un problema en briscKernelDriver.sys en BlueRiSC WindowsSCOPE Cyber Forensics anterior a 3.3 permite a un atacante local ejecutar código arbitrario dentro del controlador y crear una condición de denegación de servicio local debido a que se aplica una DACL inadecuada al dispositivo que crea el controlador. • https://github.com/dru1d-foofus/briscKernelDriver • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-32504
https://notcve.org/view.php?id=CVE-2022-32504
An attacker would be able to exploit this to gain arbitrary code execution on a KeyTurner device. • https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks https://nuki.io/en/security-updates https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2 https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-27939
https://notcve.org/view.php?id=CVE-2024-27939
An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges. • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-862: Missing Authorization •
CVE-2024-27818
https://notcve.org/view.php?id=CVE-2024-27818
An attacker may be able to cause unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2024/May/10 http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214101 https://support.apple.com/kb/HT214106 https://support.apple.com/kb/HT214100 •