CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2024-38249 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38249
10 Sep 2024 — Windows Graphics Component Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38249 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44893
https://notcve.org/view.php?id=CVE-2024-44893
10 Sep 2024 — An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. • https://github.com/jeecgboot/JimuReport/issues/2904 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42759
https://notcve.org/view.php?id=CVE-2024-42759
09 Sep 2024 — An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. • https://csflabs.github.io/cve/2024/09/06/cve-2024-42759-approval-of-your-own-ticket-with-BFLA.html • CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40718
https://notcve.org/view.php?id=CVE-2024-40718
07 Sep 2024 — A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. • https://www.veeam.com/kb4649 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40712
https://notcve.org/view.php?id=CVE-2024-40712
07 Sep 2024 — A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). • https://www.veeam.com/kb4649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6260 – Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6260
05 Sep 2024 — Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerab... • https://www.malwarebytes.com/secure/cves • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7834 – Local privilege escalation in Overwolf
https://notcve.org/view.php?id=CVE-2024-7834
04 Sep 2024 — A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. ... A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. • https://www.cirosec.de/sa/sa-2024-004 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38456
https://notcve.org/view.php?id=CVE-2024-38456
03 Sep 2024 — A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. • https://www.schutzwerk.com/blog/schutzwerk-sa-2024-001 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8356 – Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8356
30 Aug 2024 — Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to escalate privileges execute arbitrary code in the context of the... • https://www.zerodayinitiative.com/advisories/ZDI-24-1188 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8357 – Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8357
30 Aug 2024 — Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the b... • https://www.zerodayinitiative.com/advisories/ZDI-24-1189 • CWE-1326: Missing Immutable Root of Trust in Hardware •