
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-10-01 • CWE-416: Use After Free

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2025 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-10-01 • CWE-416: Use After Free

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2025 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-10-01 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

28 Jan 2025 — In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-114: Process Control

CVSS: 7.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

28 Jan 2025 — Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior to version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary ... • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 2

28 Jan 2025 — This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection. • https://github.com/Wi1DN00B/CVE-2024-55968

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

27 Jan 2025 — An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file. • https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8 • CWE-384: Session Fixation

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

27 Jan 2025 — The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path. • https://github.com/yamerooo123/CVE/blob/main/CVE-2024-57276/Description.md • CWE-428: Unquoted Search Path or Element

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jan 2025 — Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM. • https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543 • CWE-276: Incorrect Default Permissions

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jan 2025 — Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write. • https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-276: Incorrect Default Permissions