CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23715
https://notcve.org/view.php?id=CVE-2024-23715
13 Nov 2024 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-11-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35686
https://notcve.org/view.php?id=CVE-2023-35686
13 Nov 2024 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-11-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35659
https://notcve.org/view.php?id=CVE-2023-35659
13 Nov 2024 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-11-01 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51722 – Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
https://notcve.org/view.php?id=CVE-2024-51722
12 Nov 2024 — A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands. • https://support.blackberry.com/pkb/s/article/140220 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 2CVE-2024-49039 – Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-49039
12 Nov 2024 — Windows Task Scheduler Elevation of Privilege Vulnerability Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions. • https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039 • CWE-287: Improper Authentication •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10945 – FactoryTalk® Updater Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-10945
12 Nov 2024 — A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installation. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7571 – Ivanti Secure Access Client Pulse Secure Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7571
12 Nov 2024 — Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Secure Access Client. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47906
https://notcve.org/view.php?id=CVE-2024-47906
12 Nov 2024 — Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges. Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29119
https://notcve.org/view.php?id=CVE-2024-29119
12 Nov 2024 — The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-616032.html • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47595 – Local Privilege Escalation in SAP Host Agent
https://notcve.org/view.php?id=CVE-2024-47595
12 Nov 2024 — An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. • https://me.sap.com/notes/3509619 • CWE-266: Incorrect Privilege Assignment •