CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13169 – Ivanti Endpoint Manager AlertService Type Confusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-13169
14 Jan 2025 — An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. This vulnerability allows local attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-125: Out-of-bounds Read CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-48884
https://notcve.org/view.php?id=CVE-2024-48884
14 Jan 2025 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiRecorder versions 7.2.... • https://fortiguard.fortinet.com/psirt/FG-IR-24-259 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46480
https://notcve.org/view.php?id=CVE-2024-46480
13 Jan 2025 — An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. • https://github.com/Lorenzo-de-Sa/Vulnerability-Research • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.5EPSS: 0%CPEs: 22EXPL: 0CVE-2025-0396 – exelban stats XPC Service shouldAcceptNewConnection command injection
https://notcve.org/view.php?id=CVE-2025-0396
12 Jan 2025 — It is possible to launch the attack on the local host. • https://winslow1984.com/books/cve-collection/page/stats-v21122-local-privilege-escalation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53706 – SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-53706
09 Jan 2025 — A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL NSv. An attacker must first obtain the ability to execute low-privileged code on the target system or send a TCP packet to a local service in order to exploit this vulnerability. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9523 – Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9523
09 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9524 – Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9524
09 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48806
https://notcve.org/view.php?id=CVE-2024-48806
09 Jan 2025 — Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field • https://support.neat.no/article/devices-running-microsoft-teams-allow-for-buffer-overflow-vulnerability • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9525 – Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9525
09 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 2CVE-2024-12429 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12429
07 Jan 2025 — ABB AC500v3 versions 3.7.0.569 and below suffer from privilege escalation and directory traversal vulnerabilities. • https://packetstorm.news/files/id/188713 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •