CVE-2024-8533 – Rockwell Automation OptixPanelâ„¢ Privilege Escalation Vulnerability via File Permissions
https://notcve.org/view.php?id=CVE-2024-8533
The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1964.html • CWE-269: Improper Privilege Management •
CVE-2024-6510 – Local privilege escalation vulnerability in AVG Internet Security
https://notcve.org/view.php?id=CVE-2024-6510
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. • https://www.cirosec.de/sa/sa-2023-008 • CWE-427: Uncontrolled Search Path Element CWE-732: Incorrect Permission Assignment for Critical Resource CWE-749: Exposed Dangerous Method or Function •
CVE-2024-7890 – Local privilege escalation allows a low-privileged user to gain SYSTEM privileges
https://notcve.org/view.php?id=CVE-2024-7890
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows • https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US • CWE-269: Improper Privilege Management •
CVE-2024-7889 – Local privilege escalation allows a low-privileged user to gain SYSTEM privileges
https://notcve.org/view.php?id=CVE-2024-7889
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows • https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US • CWE-664: Improper Control of a Resource Through its Lifetime •
CVE-2024-20398 – Cisco IOS XR Software Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20398
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •