CVE-2024-39436
https://notcve.org/view.php?id=CVE-2024-39436
This could lead to local escalation of privilege with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 •
CVE-2024-9167
https://notcve.org/view.php?id=CVE-2024-9167
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/Security-Advisory-Velocity-License-Server-CVE-2024-9167 • CWE-276: Incorrect Default Permissions •
CVE-2024-47196
https://notcve.org/view.php?id=CVE-2024-47196
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-426509.html • CWE-427: Uncontrolled Search Path Element •
CVE-2024-47195
https://notcve.org/view.php?id=CVE-2024-47195
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-426509.html • CWE-427: Uncontrolled Search Path Element •
CVE-2024-47194
https://notcve.org/view.php?id=CVE-2024-47194
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-426509.html • CWE-427: Uncontrolled Search Path Element •