CVE-2024-52050
https://notcve.org/view.php?id=CVE-2024-52050
31 Dec 2024 — A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-52049
https://notcve.org/view.php?id=CVE-2024-52049
31 Dec 2024 — A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-266: Incorrect Privilege Assignment •
CVE-2024-52048
https://notcve.org/view.php?id=CVE-2024-52048
31 Dec 2024 — A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-266: Incorrect Privilege Assignment •
CVE-2024-13058 – Authenticated, non-admin users can create storage pools via the sifi API
https://notcve.org/view.php?id=CVE-2024-13058
30 Dec 2024 — An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0. • https://advisories.softiron.cloud • CWE-269: Improper Privilege Management CWE-400: Uncontrolled Resource Consumption •
CVE-2024-12753 – Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12753
30 Dec 2024 — Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to escalate pri... • https://www.foxit.com/support/security-bulletins.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-13043 – Panda Security Dome Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-13043
30 Dec 2024 — Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to esc... • https://www.zerodayinitiative.com/advisories/ZDI-24-1727 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-9080
https://notcve.org/view.php?id=CVE-2020-9080
27 Dec 2024 — Successful exploitation may lead to local privilege escalation. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphone-en • CWE-269: Improper Privilege Management •
CVE-2024-12903 – Incorrect default permissions in Biamp Evoko Home
https://notcve.org/view.php?id=CVE-2024-12903
23 Dec 2024 — A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. • https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-biamp-evoko-home • CWE-276: Incorrect Default Permissions •
CVE-2024-56334 – Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation
https://notcve.org/view.php?id=CVE-2024-56334
20 Dec 2024 — This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. • https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37758
https://notcve.org/view.php?id=CVE-2024-37758
20 Dec 2024 — Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges. • https://medium.com/@hamzanadeem1337/unauthorized-full-vertical-privilege-escalation-in-digiteam-sales-gamification-portal-version-4-21-0-c3e3282e9053 • CWE-352: Cross-Site Request Forgery (CSRF) •