CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40240
https://notcve.org/view.php?id=CVE-2024-40240
08 Nov 2024 — An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. • http://homeserve.com •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-44765
https://notcve.org/view.php?id=CVE-2024-44765
08 Nov 2024 — An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH v2.0.0 to v2.4.2 allows attackers to escalate privileges and access sensitive information via manipulation of the Nginx configuration file. An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and adminis... • https://github.com/josephgodwinkimani/CVE-2024-44765 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25431
https://notcve.org/view.php?id=CVE-2024-25431
08 Nov 2024 — An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. • https://gist.github.com/haruki3hhh/bd228e6dcaf8c18140e1074964912b39 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8424 – WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM
https://notcve.org/view.php?id=CVE-2024-8424
07 Nov 2024 — Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00. This vulnerability allows loca... • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00017 • CWE-269: Improper Privilege Management •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10526 – Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service
https://notcve.org/view.php?id=CVE-2024-10526
07 Nov 2024 — This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. • https://docs.velociraptor.app/announcements/2024-cves • CWE-552: Files or Directories Accessible to External Parties CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.7EPSS: 0%CPEs: 31EXPL: 0CVE-2024-20121
https://notcve.org/view.php?id=CVE-2024-20121
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 31EXPL: 0CVE-2024-20120
https://notcve.org/view.php?id=CVE-2024-20120
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 22EXPL: 0CVE-2024-20119
https://notcve.org/view.php?id=CVE-2024-20119
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-123: Write-what-where Condition •
CVSS: 6.7EPSS: 0%CPEs: 23EXPL: 0CVE-2024-20118
https://notcve.org/view.php?id=CVE-2024-20118
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-123: Write-what-where Condition •
CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-20115
https://notcve.org/view.php?id=CVE-2024-20115
04 Nov 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •