CVE-2024-23483 – Local Privilege Escalation via lack of input validation
https://notcve.org/view.php?id=CVE-2024-23483
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-20: Improper Input Validation •
CVE-2024-23458 – Local Privilege Escalation on Zscaler Client Connector on Windows
https://notcve.org/view.php?id=CVE-2024-23458
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190 • CWE-346: Origin Validation Error •
CVE-2024-7253 – NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7253
This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVE-2019-6197
https://notcve.org/view.php?id=CVE-2019-6197
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. • https://iknow.lenovo.com.cn/detail/186945.html • CWE-287: Improper Authentication •
CVE-2019-6198
https://notcve.org/view.php?id=CVE-2019-6198
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. • https://iknow.lenovo.com.cn/detail/186945.html • CWE-287: Improper Authentication •