CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23769
https://notcve.org/view.php?id=CVE-2024-23769
Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. El control de privilegios inadecuado para la canalización con nombre en Samsung Magician PC Software 8.0.0 (para Windows) permite a un atacante local leer datos privilegiados. • https://semiconductor.samsung.com/support/quality-support/product-security-updates •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32479 – Dell Security Management Server Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-32479
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. Las versiones de Dell Encryption, Dell Endpoint Security Suite Enterprise y Dell Security Management Server anteriores a 11.9.0 contienen una vulnerabilidad de escalada de privilegios debido a una ACL incorrecta del directorio de instalación no predeterminado. Un usuario malintencionado local podría explotar esta vulnerabilidad reemplazando los archivos binarios en el directorio instalado y tomando el shell inverso del sistema, lo que provocaría una escalada de privilegios. Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability. • https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-25140
https://notcve.org/view.php?id=CVE-2024-25140
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation. Una instalación predeterminada de RustDesk 1.2.3 en Windows coloca un certificado WDKTestCert bajo Autoridades de certificación raíz confiables con uso de clave mejorado de firma de código (1.3.6.1.5.5.7.3.3), válido desde 2023 hasta 2033. • https://github.com/rustdesk/rustdesk/discussions/6444 https://news.ycombinator.com/item?id=39256493 https://serverfault.com/questions/837994 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24682 – Automation Studio and PVI Multiple unquoted service path vulnerabilities
https://notcve.org/view.php?id=CVE-2020-24682
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. Vulnerabilidad de elemento o ruta de búsqueda sin comillas en B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI permite programas de destino con privilegios elevados. Este problema afecta a Automation Studio: desde 4.6.0 hasta 4.6.X, desde 4.7.0 antes de 4.7.7 SP , desde 4.8.0 antes de 4.8.6 SP, desde 4.9.0 antes de 4.9.4 SP; NET/PVI: desde 4.6.0 hasta 4.6.X, desde 4.7.0 antes de 4.7.7, desde 4.8.0 antes de 4.8.6, desde 4.9.0 antes de 4.9.4. • https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf • CWE-428: Unquoted Search Path or Element •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-24681 – Automation Studio and PVI Multiple incorrect permission assignments for services
https://notcve.org/view.php?id=CVE-2020-24681
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. La asignación de permisos incorrecta para la vulnerabilidad de recursos críticos en B&R Industrial Automation Automation Studio permite la escalada de privilegios. Este problema afecta a Automation Studio: desde 4.6.0 hasta 4.6.X, desde 4.7.0 antes de 4.7.7 SP, desde 4.8.0 antes de 4.8.6 SP, desde 4.9.0 anterior a 4.9.4 SP. • https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •