CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-49592 – McAfee Total Protection Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-49592
McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. ... This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. • https://www.mcafee.com/support/s/article/000002516?language=en_US •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39709
https://notcve.org/view.php?id=CVE-2024-39709
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1 allow a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37398
https://notcve.org/view.php?id=CVE-2024-37398
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36513
https://notcve.org/view.php?id=CVE-2024-36513
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts. • https://fortiguard.fortinet.com/psirt/FG-IR-24-144 • CWE-270: Privilege Context Switching Error •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51722 – Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
https://notcve.org/view.php?id=CVE-2024-51722
A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands. • https://support.blackberry.com/pkb/s/article/140220 • CWE-250: Execution with Unnecessary Privileges •